is it possible for a person to have multiple deriv...
# helpj
Jesum Yip
08/23/2023, 6:52 AMis it possible for a person to have multiple derived roles?
Jesum Yip
08/23/2023, 6:53 AMlike a global role of - "featureXSubscribed" and an additional role of "roleAWithinFeatureX" ?
Jesum Yip
08/23/2023, 6:53 AMand someone else would have "featureXSubscribed" with an additional role of "roleBWithinFeatureX"
Jesum Yip
08/23/2023, 6:55 AMi mean i could create 2 roles
featureXSubscribedRoleA
featureXSubscribedRoleB
Jesum Yip
08/23/2023, 6:55 AMbut that can quickly grow....
a
Alex Olivier (Cerbos)
08/23/2023, 7:01 AM
If multiple derived roles match then that request would have multiple derived roles associated with it
j
Jesum Yip
08/23/2023, 7:58 AMoh ok! so when i am writing a resource policy, can i have an expr that accesses the derivedrole? like a P.attr.derivedRole or P.derivedRole?
Jesum Yip
08/23/2023, 7:59 AMactually, nevermind. let me go experiment a bit 🙂
c
Charith (Cerbos)
08/23/2023, 8:02 AM
The derived roles for the principal are not accessible from within the condition blocks, unfortunately.
j
Jesum Yip
08/23/2023, 8:13 AMturns out the multiple derived roles capability addressed my use case. i'm a happy cow. 🙂
2 Views