Manuel Dugué
10/24/2023, 1:36 PMroles
attribute, but that does not seem to be possible.
Given that we want to make sure that valid roles are user
, admin
, employee
.
• Would you recommend assigning those to roles
and skip schema?
• Would you recommend adding an extra roles
field to attr
, so that the schema can be used?
◦ What would be the original roles
field be useful for then?
◦ that would increase the complexity of the policies moving roles logic into condition
• Is there something I am missing?Manuel Dugué
10/24/2023, 5:49 PMAlex Olivier (Cerbos)
Alex Olivier (Cerbos)
Andrew Haines (Cerbos)
roles
to attr
and then create derived roles that read from there, to avoid increasing the complexity of the policies (you'd just have to swap roles
to derivedRoles
and wouldn't have to change the conditions.