https://cerbos.dev logo
#help
Title
# help
d

Dung Truong

06/05/2023, 7:04 PM
Hi, after reading the docs, i have mixed feelings about the
derivedRoles
. In this case, it's about too much responsibilities in Cerbos. My expectation is, those
deriveRoles
is normal
role
, but it's determined via the
request
object instead. Could this simplify the system ? So i could send the
role
directly via
request
.
d

Dennis (Cerbos)

06/05/2023, 9:40 PM
Derived roles are convenience, not necessity. Derived roles assume the necessary attributes are available in the request. Suppose your application domain has a notion of a role based on another role and some complex criteria, for example, querying a database or a remote service. In that case, you can check these criteria in the application and pass them as principal attributes in the request.
2 Views