# help
Hi! Is it possible to determine which authorised actions a given actor is allowed to take on a resource without having to specify the actions in the request payload? i.e. instead of specifying to check the resources against the `actions: ['read', 'update', 'delete']`, I would like for the policy to respond with all of the authorised actions the user can take. If I'm thinking about things correctly, this would make things a little more simple at call site?
I'm assuming this isn't possible by design on Cerbos because of the following documentation about the API?
> List of actions being performed on the resource. Up to 50 actions per resource may be provided by default. This limit can be configured.
Hey, you’re right. This is not supported.
No worries, thanks. And to clarify, this is by intent, rather than being some functionality for which there are plans to add in the future?
There are several aspects to why Cerbos requires an “action” in the check resources request. My take is that they are:
1. Performance.
2. Resolution logic on the server side: rule actions might contain wildcards.
3. Auditing. Cerbos can keep an audit log of application intents.