In Cerbos lingo how does one ask for the authorizations a pr

Question

In Cerbos lingo how does one ask for the authorizations a principle has on a resource My case is users have access to different privilidge levels on devices I want to spit out priv level 1 2 or 3 Do I define these levels as actions And then request for all of them in one cerbos request

Andrew Haines (Cerbos) · Answer

Hi < sdktr> yes it sounds like you could model that with actions and use to check all the privilege levels in one request The one thing I wonder is if privilege levels end up working a bit like roles are there different actions you can perform with a device if you have priv level 3 vs 1 If so it might be preferable to model those actions directly in the policies

sdktr · Answer

Nice catch The priv levels indeed end up being used as roles in the device I m tinkering around using cerbos as a backend for a tacacs+ server This priv level will be sent down to the device where it s mapped to a set of commands a user should be able to run <https networklessons com cisco ccie routing switching aaa local command authorization|https networklessons com cisco ccie routing switching aaa local command authorization>

sdktr · Answer

Now this technique allows for authorizing each command that is entered in the CLI as well In that case hunderds of different actions could end up in the policy I m hoping they support regex as well If not we ll have to keep these commands as a custom variable I believe they do support wildcard matches