Question: If i have 10 users, and 15 databases, an...
# helpj
Jesum Yip
12/17/2021, 4:34 AMQuestion: If i have 10 users, and 15 databases, and I want to control in a very granular way which database each user can view, what's the best way to set this up as policies? I define 15 resource policies? And each of the 10 users have their own roles?
d
Dennis (Cerbos)
12/17/2021, 4:38 AM
A resource kind per database or a resource kind can span several databases?
Dennis (Cerbos)
12/17/2021, 4:41 AM
If you have 15 distinct resource kinds, then yes 15 resource policies.
Dennis (Cerbos)
12/17/2021, 4:46 AM
Although, both resources and users may have attributes, so instead of creating a separate role and/or a separate resource kind you may use their attributes to evaluate a policy outcome. IMO this is more of a data modelling exercise.
j
Jesum Yip
12/17/2021, 5:31 AMHmmm ok. I am facing some technical limitations with okta and am exploring the possibility of moving some of this logic to cerbos.
Jesum Yip
12/17/2021, 5:32 AMBut you brought up a good point on whether the resource can span several databases.
Jesum Yip
12/17/2021, 5:32 AMI'll go do more thinking.
6 Views