https://cerbos.dev logo
#help
Title
# help
a

Ashwyn Nair

11/07/2023, 6:23 PM
Hi! Is it possible to determine which authorised actions a given actor is allowed to take on a resource without having to specify the actions in the request payload? i.e. instead of specifying to check the resources against the
actions: ['read', 'update, 'delete']
, i would like for the policy to respond with all of the authorised actions the user can take. If I'm thinking about things correctly, this would make things a little more simple at call site?
I'm assuming this isn't possible by design on Cerbos because of the following documentation about the
CheckResources
API? > List of actions being performed on the resource. Up to 50 actions per resource may be provided by default. This limit can be configured.
d

Dennis (Cerbos)

11/07/2023, 8:31 PM
Hey, you’re right. This is not supported.
a

Ashwyn Nair

11/07/2023, 8:32 PM
No worries, thanks. And to clarify this is by intent, rather than being some functionality for which there are plans to add in the future?
d

Dennis (Cerbos)

11/07/2023, 8:41 PM
There are several aspects why Cerbos requires an “action” in the check resources request. My take they are: 1. Performance. 2. Resolution logic on the server side: rule actions might contain wildcards. 3. Auditing. Cerbos can keep an audit log of application intents.
2 Views