Am I right to assume that, with resource policies,
I can have a record for each resource in the database?
This would make it easy for admins to author them indepedently
11/08/2023, 5:04 PM
If I understood your question correctly, you want to know whether each resource policy is a single record in the database if Cerbos is configured with a database store? If you don't use
11/08/2023, 5:10 PM
Thanks Charith. Yes that was my question. I was planning to use the version to differentiate tenants. I suppose I have no option but reassemble the whole policy into the one record if anything changes
11/08/2023, 5:16 PM
We generally recommend using scoped policies to implement multi-tenancy. I am not sure what you mean by "reassemble the whole policy into the one record". You should use the Admin API for managing policies in the database. If you manually update things in the database, Cerbos might not work correctly.
11/08/2023, 5:19 PM
Yes we will the api. We currently have the roles in our internal MongoDB where admins can update. We were planning to trigger patching this into json and the post to the api. I will look into the scope feature