Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage.

Cerbos Community

Hi, is it possible to return `arbitrary object` instead of just `EFFECT_ALLOW/DENY`
The use case of mine is, i want to return list of `fields` user could access based on `action`.

Yes, with the help of output expressions:
```  rules:
    - actions: ['view']
      effect: EFFECT_ALLOW
      roles:
        - user 
      condition:
        match:
          expr: request.resource.attr.public == true
      output: 
        expr: |-
          "view_allowed:%s".format([request.principal.id])```


<https://docs.cerbos.dev/cerbos/latest/policies/resource_policies>