Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage.

Cerbos Community

Am I right to assume that, with resource policies,
I can have a record for each resource in the database?
This would make it easy for admins to author them indepedently

If I understood your question correctly, you want to know whether each resource policy is a single record in the database if Cerbos is configured with a database store? If you don't use `version` or `scope` then,  yes.

Thanks Charith. Yes that was my question. I was planning to use the version to differentiate tenants. I suppose I have no option but reassemble the whole policy into the one record if anything changes

We generally recommend using <https://docs.cerbos.dev/cerbos/latest/policies/scoped_policies|scoped policies> to implement multi-tenancy. I am not sure what you mean by "reassemble the whole policy into the one record". You should use the <https://docs.cerbos.dev/cerbos/latest/api/admin_api|Admin API> for managing policies in the database. If you manually update things in the database, Cerbos might not work correctly.

Yes we will the api. We currently have the roles in our internal MongoDB where admins can update. We were planning to trigger patching this into json and the post to the api. I will look into the scope feature