Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage.

Cerbos Community

Another random question while I'm here - is there a way to see specifically why an action was denied (or, I guess, where it hit it's first deny)? I'm imagining an engineer creating a policy, getting an unexpected deny, and then having trouble parsing through all the policies to know where the action was blocked

Yes! If you set the includeMeta flag in the request it will tell you which rule matched. You can also turn on the audit logging on the PDP instance to have it logged there also

<https://docs.cerbos.dev/cerbos/latest/configuration/audit.html>

Also, when running tests you can use `--verbose` to get an execution trace that should help explain test failures

Yup can you see it in the API call <https://docs.cerbos.dev/cerbos/latest/api/index.html#check-resources>