https://cerbos.dev logo
#community
Title
# community
j

Jesum Yip

08/11/2023, 7:42 AM
quick question - with a principal policy, there's a value for
principalPolicy.principal
. how is this reference? is it in a derived role?
o

oguzhan

08/11/2023, 7:46 AM
Principal policies allow overrides to specific principals. The
principalPolicy.principal
matches the requests’
principal.id
.
j

Jesum Yip

08/11/2023, 7:47 AM
btw is this documented in your docs anywhere i.e. that principalPolicy.principal matches requests' principal.id ?
o

oguzhan

08/11/2023, 7:48 AM
We have a section for the principal policies in the docs
j

Jesum Yip

08/11/2023, 7:48 AM
"With this policy in place, when an authorization check is made with the principal ID of
dpo1
the delete action on a
contact
resource is overridden to be allowed." - it wasn't immediately obvious to me that
principal ID
refers to the requests' principal.id field. but thanks for pointing that out!
o

oguzhan

08/11/2023, 7:51 AM
Yes, it is not obvious, some clarification on that part would be nice. Thanks for mentioning.
2 Views