Title
l
Luis Diaz
05/25/2023, 1:36 PMHello guys! Is there some mechanism for role inheritance? For example, say I have 3 policies A, B, C and 3 roles. Role 1 can access policy A, role 2 can access policy B and role 3 can access policy C. What would be the best way of defining a role 4 such that it inherits all the policies of roles 1 and 2 (i.e. A and B, but not C) aside from creating the new role and manually changing my policies? Is this something that could be done with derived roles?
c
Charith (Cerbos)
05/25/2023, 1:46 PMHi, what do you mean by "policies" in this context? Are they Cerbos policies? If so, why do you say that Role 1 can only access policy A and so on? Is that something enforced on your application side?
l
Luis Diaz
05/25/2023, 1:49 PMSorry I’m getting my language confused. Policies would be rule action sets something along the lines of:
- name: PolicyA
actions:
- ...
roles:
- 1
- name: PolicyB
actions:
- ...
roles:
- 2I was wondering if there was a way (within the cerbos conf) for cerbos to recognise that
role = 3c
Charith (Cerbos)
05/25/2023, 1:56 PMI see. I think you can use derived roles for this. A derived role without any condition is basically an alias for the
parentRoles1parentRoles: ["1"]31parentRoles: ["1", "3"]l
Luis Diaz
05/25/2023, 1:59 PMah okay, I hadn’t tested that but I thought that might be the case. I’ll give that a try thank you very much!!