Title
#help
n

Nimit

11/17/2022, 10:32 AM
hi All, quick question.. i want to have a parent-child relation for my policy, is that possible? I have 2 resources "child" and "parent" .. in cerbos can i define a policy wherein when i access child.. the parent is checked first followed by the explicit child policy ? Just to add .. i am using the scope already for another variable.
Alex Olivier (Cerbos)

Alex Olivier (Cerbos)

11/17/2022, 10:46 AM
Do you have an example? I don’t quite get the use case
n

Nimit

11/17/2022, 10:55 AM
mmm .. say theres a policy-child {resource: "CHILD", effect: "ALLOW"} policy-parent {resource : "PARENT", effect: "DENY"} Can i establish a relation between the 2 policies OR the 2 resources CHILD -- depends on -- > PARENT Where in if the principal checks access to CHILD resource ... it is made to checks its access against the PARENT resource first.. if that is allow then it further checks access to CHILD ? In the above case as the PARENT is denying access, when the principal tries to access CHILD .. it is denied access
Alex Olivier (Cerbos)

Alex Olivier (Cerbos)

11/17/2022, 10:57 AM
Ok i think I get it. There is no way today to set dependancies between policies. One way to maybe do it is to have a “allowed_access_to_parent” derived role, but that would require passing the context about the parent and the child in the request