Ankit Khosla

05/09/2023, 8:12 AM
Hi all, I am working on a POC. Have the following requirements. • Only selected users within a teanant can view selected forms • Users can be a part of a group, and creation/updation would be dynamic from UI. How can I achieve this with cerbos?

Charith (Cerbos)

05/09/2023, 9:06 AM
For the first requirement, you can store the IDs of the forms each user is allowed to view and send that as a principal attribute. Then you can have a rule that checks that list to ensure that the form they are trying to view is in it. The groups a user belongs to would be another principal attribute as well. Because Cerbos is stateless, every time you make a request, you have to send the attributes anyway. Therefore, any changes you make in the UI will be immediately visible to Cerbos.