https://cerbos.dev logo
#help
Title
# help
r

Roman Levytskyi

05/31/2023, 11:32 AM
Hello guys! I’m trying to adopt Cerbos to power our org needs and so far with static roles definitions it looks really good. However, I’m now coding a POC to allow users to configure roles for other users and I couldn’t find any querying mechanism to fetch policies say by
scope
or
resource kind
or both. The only way to do that is
.list()
method which seems to be highly inefficient with
1000s
of items in the DB. The why: tenants may override/create their own roles based on the list of available resources (fetched from authorization server policies) and their actions (extracted from policies). Is that even possible? Thank you 🙏
c

Charith (Cerbos)

05/31/2023, 12:53 PM
Hi. The
ListPolicies
endpoint of the Cerbos Admin API currently doesn't have a way to filter policies by their attributes. We worked with the assumption that the users will be aware of all the resources and actions they have on the system. So, the case for filtering policies to dynamically discover them hasn't really come up before. It might be possible for us to add some filtering capability to the
ListPolicies
endpoint. However, if you want to discover the available actions as well, you'll have to parse the policies yourself because we don't store that kind of metadata about the policies. Furthermore, policies can be written with wildcard actions so it's not guaranteed that you'll be able to get the full list that way anyway.
r

Roman Levytskyi

05/31/2023, 2:26 PM
thanks for the reply, makes sense
one more question: can we rely on the
{type}.{resource_name}.v{version}
id format, is it stable?
c

Charith (Cerbos)

05/31/2023, 3:22 PM
I'd say so. We don't have any plans to change it. If we ever do, there'll be plenty of notice.
r

Roman Levytskyi

05/31/2023, 3:23 PM
alright, thanks
2 Views