https://cerbos.dev logo
Powered by
#help
Title
# help
a

Alex Tuca

04/27/2023, 8:54 AM
Hi! Is there any way I can check for both a derived role and an expression in a policy (or if not, at least to check that two derived roles are met simultaneously)? Thanks!
a

Alex Olivier (Cerbos)

04/27/2023, 8:58 AM
Hey
Yup this works by defining the expressions on the rule which also checks for a derived role. Take a look at the 
view:approver
action in this example: https://play.cerbos.dev/p/XhkOi82fFKk3YW60e2c806Yvm0trKEje
a

Alex Tuca

04/27/2023, 12:28 PM
Thanks, that works! Is there any option for the policy needing to meet at least two derived roles?
c

Charith (Cerbos)

04/27/2023, 12:37 PM
If I understand you correctly, it's not possible to specify that the principal must have 
derived_role_a AND derived_role_b
. If you want to ensure that both conditions from those derived roles have been met, you'd need to define a third derived role that encompasses both conditions and write your policy rule targeting only that new derived role.
a

Alex Tuca

04/27/2023, 2:38 PM
I understand, thank you!
32 Views
Powered by