Hi team! I recently discovered Cerbos, and I'm cur...
# help
Hi team! I recently discovered Cerbos, and I'm currently working on some Proof of Concepts (POCs) to confirm that the project fits our needs. The question I'm trying to answer with Cerbos at this time is: "The User:1 can execute the LIST action on the BOOKS resource? If so, in which categories?" To model this problem, I have a list of "allowed categories" as
of my Principal(user:1), associated with a role(e.g.:
{"user": {"categories": [1, 2]}, "admin": {"categories": ["*"]}}
. Are the policy
suitable for returning this category list to my application to perform some kind of filtering in the database, or do you have another recommendation for approaching this kind of problem?"
In my architecture, I would have a service that will manage the Roles&Custom attributes(categories, organization_id, etc.). So before calling the PDP, the only data that I have to perform filtering is the one in the user token(that would be converted into a Principal instance).
Hi @Rael Max! I think what you’re looking for is
Query Plan API
(PlanResources /api/plan/resources) We have a really nice blog post about it: https://cerbos.dev/blog/unlocking-efficient-authz-with-cerbos-query-plan
@oguzhan Thank you! I'll take a look at the blog post! 🙂