Hello all! As always thanks for prompt answers to questions here. I'm currently sharing around Cerbos as a solution and have been able to field a lot of questions, but one came up that I don't have any insight into: Most use-cases I've run into are perfectly suited for making a request and then authorizing each resource, But in some cases, like queries to ElasticSearch, that isn't possible (prevents pagination, etc.) What's the Cerbos way of handling a use-case like this?

Hey Ryan

I see, so conceptually, let's say for some sort of resource search or bulk approval process: 1. App logic receives principal information 2. App calls Cerbos with the principal, action, and resource kind 3. Cerbos returns the AST of how to filter 4. It's up to the app to interpret that and then execute the search appropriately

That’s correct!

I can see the value in this approach! It sounds like we'd have to write our own ElasticSearch query plan adapter in the meantime, are there any query plan adapters on a roadmap? They seem to share a fair amount of logic so I'm not too concerned about it, our cases are pretty manageable rn

Queryplan adapters roadmap would be nice to have visibility on- yes! We use .net Entity Framework, so +1 on that one.

We are open to suggestions (and PRs 😜) - which do you need @Ryan Killeen ?