#help

Alex Tuca

05/03/2023, 9:51 AM
Is there any way of setting a principal policy to everybody with a role (e.g., deny any request if a JWT property is false)?

Andrew Haines (Cerbos)

05/03/2023, 11:21 AM
Principal policies only work for an individual principal matched by ID, so I think your best option here is to use derived roles. Suppose you're using a `user` role and you only want to allow access if they have a `verified` flag, then define a `verifiedUser` derived role which includes that condition, and use the derived role in your resource policies instead of `user`.

Alex Tuca

05/03/2023, 12:20 PM
Got it, thanks!