Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage.

Cerbos Community

Trying to figure out if Cerbos would be good for multi-tenant architecture where tenants can set up their own roles for resource permissions. For example;

• Base "Super Admin" role for each tenant which allows read+write access to all resources, specific to that tenant
• Tenant A wants to create a "Contractor" role which allows read-only access to /pages resource
• Tenant B creates an "Employee" role which allows react-write access to all resources except /admin

I'm also wondering if it's feasible to set up "base" rules in .yaml that get loaded into the datastore (Postgres) when the service starts up for the first time. Almost like a seed migration for standard policies. Or - is the expectation that they are all POST/PUT'd if you're using a non-file datastore

Hi <@U03QKTDLCT0>
You can use <https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies.html|Scoped policies> to manage hierarchies and inheritance. Currently Cerbos does not have an interface that you can implement in your UI to allow customers to manage their own policies. However, using the <https://docs.cerbos.dev/cerbos/latest/api/admin_api.html|Admin API>, a UI that you would implement can make real time policy changes.