Hello guys! I’m trying to adopt Cerbos to power ou...
# help
Hello guys! I’m trying to adopt Cerbos to power our org needs and so far with static roles definitions it looks really good. However, I’m now coding a POC to allow users to configure roles for other users and I couldn’t find any querying mechanism to fetch policies say by
resource kind
or both. The only way to do that is
method which seems to be highly inefficient with
of items in the DB. The why: tenants may override/create their own roles based on the list of available resources (fetched from authorization server policies) and their actions (extracted from policies). Is that even possible? Thank you 🙏
Hi. The
endpoint of the Cerbos Admin API currently doesn't have a way to filter policies by their attributes. We worked with the assumption that the users will be aware of all the resources and actions they have on the system. So, the case for filtering policies to dynamically discover them hasn't really come up before. It might be possible for us to add some filtering capability to the
endpoint. However, if you want to discover the available actions as well, you'll have to parse the policies yourself because we don't store that kind of metadata about the policies. Furthermore, policies can be written with wildcard actions so it's not guaranteed that you'll be able to get the full list that way anyway.
thanks for the reply, makes sense
one more question: can we rely on the
id format, is it stable?
I'd say so. We don't have any plans to change it. If we ever do, there'll be plenty of notice.
alright, thanks