Hey @Ben Hall Thanks for joining our Slack community. How can we be of help? What is your usecase for user permissions and access control?

Looking to implement a permissions system into our product - we’re wanting to add column level data control, e.g. we can specify that user X or role X cannot see Column A but user Y or role Y can see Column A, is this possible with Cerbos? On top of this, trying to find out some specs for scalability, how does Cerbos scale? Does it contain support for GraphQL (gqlgen) out of the box? If not, is there a way you recommend to look into this? Does it support inheritance? Sorry if all of these answers are available online, I just find talking to someone easier than fishing around on a site 😄

No worries - answers below: The recommend approach for column level security is to define each column/group as an action of the resource. Then in your app when you need to check permissions, provide the set of column names in the action list and cerbos will tell you which ones the user is allowed to access. Scalablity wise, Cerbos is stateless and thus can be deployed and scaled up along side you app as much as needed. We recommend the sidecar model if you are in kubernetes. There isn’t a gqlgen plugin, but we do have this reference project for using Cerbos in a GQL server. Policies support inheritance via scopes. Finally, If you are keen we would love to have a more detailed chat with your about your use case and we can chat more about the above. Pick some time at https://go.cerbos.io/workshop

Thank you! I’ll forward these reponses to the other members of the team and let you know 😄