Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage.

Cerbos Community

I am very new to Cerbos, could you please suggest to me what i did wrong here?

```---
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"

  # Importing `identity_roles` in so they can be used in the resource policy.
  importDerivedRoles:
    - identity_roles

  # This resource file is reviewed for when checking permissions when a resource
  # is of `kind` "user_request"
  resource: user_request
  rules:

    # If the `principal`s role is `admin` then all the actions are allowed.
    - actions: [ "*" ]
      roles:
        - root
      effect: EFFECT_ALLOW

    # A `admin_that_owns_the_tenant` can only access `user_request` that belong to resources in
    # their tenant,
    - actions: [ "*" ]
      roles:
        - admin
      effect: EFFECT_ALLOW
      condition:
        match:
          expr: request.resource.attr.tenant == request.principal.tenant```
getting
"error":"failed to get check for [user_requ
est.default]: policy compilation error: 1 compilation errors:\nresource_user_request.yaml: Invalid expression in resource rule 'rule-002' (failed to compile
 `request.resource.attr.tenant == request.principal.tenant` [undefined field 'tenant'])"}