https://cerbos.dev logo
#community
Title
# community
d

Denys Andriyanov

06/22/2023, 12:21 PM
I am very new to Cerbos, could you please suggest to me what i did wrong here?
Copy code
---
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"

  # Importing `identity_roles` in so they can be used in the resource policy.
  importDerivedRoles:
    - identity_roles

  # This resource file is reviewed for when checking permissions when a resource
  # is of `kind` "user_request"
  resource: user_request
  rules:

    # If the `principal`s role is `admin` then all the actions are allowed.
    - actions: [ "*" ]
      roles:
        - root
      effect: EFFECT_ALLOW

    # A `admin_that_owns_the_tenant` can only access `user_request` that belong to resources in
    # their tenant,
    - actions: [ "*" ]
      roles:
        - admin
      effect: EFFECT_ALLOW
      condition:
        match:
          expr: request.resource.attr.tenant == request.principal.tenant
getting "error":"failed to get check for [user_requ est.default]: policy compilation error: 1 compilation errors\nresource user request.yaml Invalid expression in resource rule 'rule-002' (failed to compile
request.resource.attr.tenant == request.principal.tenant
[undefined field 'tenant'])"}
4 Views