Can this be a derivedrole?
# helpj
Jesum Yip
02/07/2022, 7:35 AMCan this be a derivedrole?
c
Charith (Cerbos)
02/07/2022, 8:33 AM
No. Principal policies are for overriding rules for particular users.
Charith (Cerbos)
02/07/2022, 8:35 AM
What are you trying to achieve?
j
Jesum Yip
02/07/2022, 8:38 AMJust trying to understand Principal policies better.
Jesum Yip
02/07/2022, 8:38 AMI think I won't be writing Principal policies. I derive all my identities from JWTs and attr key/value pairs. So Principal policies don't make sense for my use cases.
Jesum Yip
02/07/2022, 8:39 AMI wouldn't want a specific User-X to have overriding rules.
c
Charith (Cerbos)
02/07/2022, 8:40 AM
Makes sense. Principal policies are mostly for exceptional cases like giving an auditor temporary access.
j
Jesum Yip
02/07/2022, 10:13 AMExactly what I was thinking as well. A regulatory / oversight body is a good fit for this feature. Thank you.
4 Views