Jesum Yip
01/17/2023, 8:12 AM
Emre (Cerbos)
01/17/2023, 8:36 AM
Sam Lock (Cerbos)
01/17/2023, 10:24 AM
Jesum Yip
01/18/2023, 1:11 AM
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  resource: "attack_patterns"
  version: "production"
  rules:
    - actions:
        - "read"
      effect: EFFECT_ALLOW
      roles: ["*"]
      condition:
        match:
          all:
            of:
              - expr: has(request.aux_data.jwt.aud)
              - expr: >
                  "my.custom.audience" in request.aux_data.jwt.aud

so the roles aren't really important at this stage since i'm focused on the data. the policy above limits access to a very wide net (by aud). that can be further refined with the addition of roles and actions. however, the key is the YAMLs i write are a 1:1 mapping of a policy to a dataset.
Sam Lock (Cerbos)
01/19/2023, 11:33 AM