Roman Levytskyi
05/31/2023, 11:32 AMscope
or resource kind
or both. The only way to do that is .list()
method which seems to be highly inefficient with 1000s
of items in the DB.
The why: tenants may override/create their own roles based on the list of available resources (fetched from authorization server policies) and their actions (extracted from policies). Is that even possible?
Thank you 🙏Charith (Cerbos)
ListPolicies
endpoint of the Cerbos Admin API currently doesn't have a way to filter policies by their attributes. We worked with the assumption that the users will be aware of all the resources and actions they have on the system. So, the case for filtering policies to dynamically discover them hasn't really come up before. It might be possible for us to add some filtering capability to the ListPolicies
endpoint. However, if you want to discover the available actions as well, you'll have to parse the policies yourself because we don't store that kind of metadata about the policies. Furthermore, policies can be written with wildcard actions so it's not guaranteed that you'll be able to get the full list that way anyway.Roman Levytskyi
05/31/2023, 2:26 PMRoman Levytskyi
05/31/2023, 2:27 PM{type}.{resource_name}.v{version}
id format, is it stable?Charith (Cerbos)
Roman Levytskyi
05/31/2023, 3:23 PM