Hi Everyone! I just recently found out about Cerbos and it seems like a really powerful tool. My question: Is there a way for the end user to add/remove permissions on a role? is it possible for the end user to create a custom role and add permissions?

Hi Stephan! Since typically a cerbos PDP work as an isolated service, the end user doesn’t have direct access to a instance. This use case is handled by designing an application which basically calls the cerbos Admin API to create or manipulate the policies in a mutable store behind the scenes. The application also must maintain the lifetime of the policy. (Ex: The application needs to disable the policies no longer required by the end-user etc.) Here you can see an example utilizing the admin API (written in golang): https://github.com/cerbos/demo-admin-api