Siddharth Pansuria
05/14/2025, 5:40 PMSiddharth Pansuria
05/14/2025, 5:41 PMapiVersion: api.cerbos.dev/v1
rolePolicy:
role: "supportcoordinator"
rules:
- resource: BI&Reporting
allowActions:
- access
- resource: Billing
allowActions:
- access
condition:
match:
expr: 18 in P.attr.modules
- resource: DocumentCenter
allowActions:
- accessDocumentsTab
condition:
match:
expr: 14 in P.attr.modules
- resource: EVV
allowActions:
- access
condition:
match:
expr: 11 in P.attr.modules
- resource: FinancialReporting
allowActions:
- access
condition:
match:
expr: 19 in P.attr.modules
- resource: SecureCommunication
allowActions:
- access
condition:
match:
expr: 21 in P.attr.modules
- resource: FormBuilder
allowActions:
- access
condition:
match:
expr: 15 in P.attr.modules
- resource: TeleHealth
allowActions:
- access
condition:
match:
expr: 17 in P.attr.modules
- resource: Scheduler
allowActions:
- accessSchedulerTab
- access
condition:
match:
expr: 20 in P.attr.modules
- resource: TimeManagement
allowActions:
- accessTimesheetsTab
condition:
match:
expr: 12 in P.attr.modules
This is the role policy I have defined.Siddharth Pansuria
05/14/2025, 5:44 PM{
"principal": {
"id": "700869",
"roles": [
"supportcoordinator"
],
"attr": {
"states": [
"NJ"
],
"modules": [
57,
55,
54,
50,
52,
53,
58,
56,
80,
60,
62,
68,
67,
66,
64,
65,
63,
61,
101,
69,
99,
71,
72,
19,
21,
16,
17,
12,
15,
20,
11,
14,
18,
22
],
"company_type": 101
}
},
"resources": [
{
"resource": {
"kind": "LocateTab",
"id": "LocateTab#700869"
},
"actions": [
"access"
]
},
{
"resource": {
"kind": "NewTab",
"id": "NewTab#700869"
},
"actions": [
"access"
]
},
{
"resource": {
"kind": "EVV",
"id": "EVVNJ#700869",
"attr": {
"evv_state": "NJ"
}
},
"actions": [
"accessEVVTab"
]
},
{
"resource": {
"kind": "EVV",
"id": "EVVAZ#700869",
"attr": {
"evv_state": "AZ"
}
},
"actions": [
"accessEVVTab"
]
},
{
"resource": {
"kind": "TimeManagement",
"id": "TimesheetsTab#700869"
},
"actions": [
"accessTimesheetsTab"
]
},
{
"resource": {
"kind": "Billing",
"id": "BillingTab#700869",
"attr": {
"billing_state": "NJ"
}
},
"actions": [
"accessBillingTab"
]
},
{
"resource": {
"kind": "DocumentCenter",
"id": "DocumentsTab#700869"
},
"actions": [
"accessDocumentsTab"
]
},
{
"resource": {
"kind": "Scheduler",
"id": "SchedulerTab#700869"
},
"actions": [
"accessSchedulerTab"
]
}
]
}
This is my request object. I am not sure what is wrong here. I have not added any parent roles as of now since I wanted to test if this will work for a totally custom role.Alex Olivier (Cerbos)
Siddharth Pansuria
05/15/2025, 3:36 PM