https://cerbos.dev logo
Title
b

B Cerkezi

09/08/2022, 9:45 AM
Hey team - very basic question, when making a request and sending the Principal object, why is an empty/null
Principal.Roles
not allowed? Is the idea that we should make the decision in code to reject the request without sending it to cerbos?
c

Charith (Cerbos)

09/08/2022, 9:53 AM
Hi. Policy rules require at least one role to be known. That's because access rules are not usually written for individual users but for a group of users (as an indirection). So that's why
principal.roles
is mandatory. If you don't have any, you can make up something instead.
e

Emre (Cerbos)

09/08/2022, 10:36 AM
Hi @B Cerkezi, What is your use case? Anything else we can help with?