Hi all, I am working on a POC. I have the following requirements.
• Only selected users within a tenant can view selected forms
• Users can be a part of a group, and creation/updating would be dynamic from the UI.
How can I achieve this with Cerbos?
05/09/2023, 9:06 AM
For the first requirement, you can store the IDs of the forms each user is allowed to view and send that as a principal attribute. Then you can have a rule that checks that list to ensure that the form they are trying to view is in it.
The groups a user belongs to would be another principal attribute as well. Because Cerbos is stateless, every time you make a request, you have to send the attributes anyway. Therefore, any changes you make in the UI will be immediately visible to Cerbos.
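
As an added example (not part of the original reply and not the Cerbos project's own code), a resource policy implementing the checks described above could look like the following. The `form` resource kind, the `user` role, and the attribute names `tenantId`, `viewableFormIds`, `groups` and `allowedGroups` are assumptions chosen for illustration.

```yaml
# Added example. Attribute names, role name and resource kind are assumptions.
#
# The application sends, with every check request, a principal such as
# (constructed sample values):
#   id: "alice"
#   roles: ["user"]
#   attr:
#     tenantId: "tenant-a"
#     viewableFormIds: ["form-17", "form-42"]
#     groups: ["hr-reviewers"]
# and a resource of kind "form" with its id plus
#   attr: { tenantId: "tenant-a", allowedGroups: ["hr-reviewers"] }
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"
  resource: "form"
  rules:
    # Requirement 1: the form ID must be in the per-user list sent as a
    # principal attribute, and the form must belong to the user's tenant.
    - actions: ["view"]
      effect: EFFECT_ALLOW
      roles: ["user"]
      condition:
        match:
          all:
            of:
              - expr: request.principal.attr.tenantId == request.resource.attr.tenantId
              - expr: request.resource.id in request.principal.attr.viewableFormIds

    # Requirement 2: group membership, also sent as a principal attribute,
    # must overlap with the groups the form is shared with.
    - actions: ["view"]
      effect: EFFECT_ALLOW
      roles: ["user"]
      condition:
        match:
          all:
            of:
              - expr: request.principal.attr.tenantId == request.resource.attr.tenantId
              - expr: hasIntersection(request.principal.attr.groups, request.resource.attr.allowedGroups)
    # No rule matches anything else, so every other request is denied by default.
```

Because the attributes travel with each request, they must be loaded server-side from the application's own data store at request time; values supplied by the client should not be forwarded as principal attributes.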