Hi, I'm new, I'm learning. Watched <this recent p...
# help
Hi, I'm new, I'm learning. Watched this recent pinned video just now and a question crossed my mind: ā€¢ In the example, the "manager" role can only approve expenses <$500, then changes it later to <$1000, this makes sense. ā€¢ How would you recommend supporting if that $ amount was variable, a setting that could be changed in the app by an admin for example? So it couldn't be hard coded in the policy?
My initial thought so far is you'd have to send a "resource" that was really multiple resources, one part for the expense, and one part for that configuration, so maybe something like:
Copy code
resource: {
  expense: ...,
  expenseSettings: ...,
Are there other ideas/best practices around something like that?
You can store the limits per user in your database and send the value as a principal attribute in the Cerbos request.
Ahh, yes, if it was per user it may end up in or near the principle data anyways. šŸ‘ Generally though it's either gonna be mix it with the principle or the resource though, is what I'm grasping, right? Which makes sense, just double checking my understanding.
Yes. If you have any data points that are important for making an access decision, those need to be sent to Cerbos as attributes of either the principal or the resource.
šŸ‘ Thank you!