hi all thank for your help so far if there a way to use s th Cerbos Community #help

hi all - thank for your help so far, if there a ...

Dmitry Meyerson

05/15/2023, 7:06 PM

hi all - thank for your help so far, if there a way to use s.think like regex to define a resource policy where derived role naming choices/convention can be leveraged - example in thread

Dmitry Meyerson

05/15/2023, 7:07 PM

Copy code

apiVersion: api.cerbos.dev/v1
description: progA specific resources
resourcePolicy:
  version: default
  importDerivedRoles:
  - common_roles_based_on_locale_and_groups
  resource: progA
  rules:
  - actions:
    - GET:(.+)
    effect: EFFECT_ALLOW
    derivedRoles:
    - {capture_group}-READ

Dmitry Meyerson

05/15/2023, 7:08 PM

maybe @Emre (Cerbos) or @Dennis (Cerbos)

Dmitry Meyerson

05/15/2023, 7:08 PM

( the above is non-working psuedo-code to help illustrate my question)

Dmitry Meyerson

05/15/2023, 7:10 PM

Copy code

apiVersion: api.cerbos.dev/v1
description: progA specific resources
resourcePolicy:
  version: default
  importDerivedRoles:
  - common_roles_based_on_locale_and_groups
  resource: progA
  rules:
  - actions:
    - GET:some_program
    effect: EFFECT_ALLOW
    derivedRoles:
    - {some_program}-READ

same thing w/out pretending to use regex

Charith (Cerbos)

05/16/2023, 8:11 AM

Hi, please don't

mention individuals because there are people from lots of different timezones here. When you post a question someone from the team will answer you as soon as they can. To answer your question, no, policies don't support regexes and capture groups. You'd have to use a templating tool as discussed in another thread to generate a policy with all the possible combinations.

Dmitry Meyerson

05/16/2023, 4:01 PM

ok - thanks - will stop @ing

4 Views

Open in Slack

Previous Next