Another random question while I'm here - is there ...
# helpm
Maggie Walker
08/31/2022, 3:48 PMAnother random question while I'm here - is there a way to see specifically why an action was denied (or, I guess, where it hit it's first deny)? I'm imagining an engineer creating a policy, getting an unexpected deny, and then having trouble parsing through all the policies to know where the action was blocked
a
Alex Olivier (Cerbos)
08/31/2022, 3:49 PM
Yes! If you set the includeMeta flag in the request it will tell you which rule matched. You can also turn on the audit logging on the PDP instance to have it logged there also
Alex Olivier (Cerbos)
08/31/2022, 3:49 PM
m
Maggie Walker
08/31/2022, 3:54 PMawesome, thanks!
a
Andrew Haines (Cerbos)
08/31/2022, 3:54 PM
Also, when running tests you can use
--verbose🙏 1
m
Maggie Walker
08/31/2022, 4:01 PMis
includeMetaa
Alex Olivier (Cerbos)
08/31/2022, 4:02 PM
Yup can you see it in the API call https://docs.cerbos.dev/cerbos/latest/api/index.html#check-resources
🙏 1
3 Views