05/03/2023, 9:51 AM
Is there any way of setting a principal policy to everybody with a role (e.g., deny any request if a JWT property is false)?
Andrew Haines (Cerbos)
05/03/2023, 11:21 AM
Principal policies only work for an individual principal matched by ID, so I think your best option here is to use
. Suppose you're using a
role and you only want to allow access if they have a
flag, then define a
derived role which includes that condition, and use the derived role in your resource policies instead of
05/03/2023, 12:20 PM
Got it, thanks!