Any thoughts on how best to model something like t...
# help
Any thoughts on how best to model something like that?
I would approach this as an attribute on the user which define each each country, which counties the user has permission to. Let me quickly put an example together
Here you go
It checks for a principals role for the location set in the resource
attribute via the condition. \
thanks Alex! What do you think about this one for a multi-level attribute setup?
Looks good to me. You can get as nested as you need with policies so that works great
yeah I guess I was looking for the model to have attributes as a child of role
but this is the problem I hit with every one of these that we've looked at. Apparently we are strange. 🙂
Great tool though. We will evaluate it further! Very easy to explain.
👍 1
The way we think about it is the roles are high level ones from the IdP eg Admin or User. Then Cerbos (or similar) is used to for the next level of granularity where you derive an additional role based on the input attributes - we even had a special policy type called derived roles for it. This way your IdP roles stay simple - and your attribute level ones are dynamic based on the specific request