m

    Maggie Walker

    3 weeks ago
    Another random question while I'm here - is there a way to see specifically why an action was denied (or, I guess, where it hit it's first deny)? I'm imagining an engineer creating a policy, getting an unexpected deny, and then having trouble parsing through all the policies to know where the action was blocked
    Alex Olivier (Cerbos)

    Alex Olivier (Cerbos)

    3 weeks ago
    Yes! If you set the includeMeta flag in the request it will tell you which rule matched. You can also turn on the audit logging on the PDP instance to have it logged there also
    m

    Maggie Walker

    3 weeks ago
    awesome, thanks!
    Andrew Haines (Cerbos)

    Andrew Haines (Cerbos)

    3 weeks ago
    Also, when running tests you can use
    --verbose
    to get an execution trace that should help explain test failures
    m

    Maggie Walker

    3 weeks ago
    is
    includeMeta
    in the docs somewhere?
    Alex Olivier (Cerbos)

    Alex Olivier (Cerbos)

    3 weeks ago