https://cerbos.dev logo
#help
Title
# help
h

Hari Krishna Sunkari

01/24/2023, 3:58 AM
Im new to Cerbos and trying to solve the below use-case • User has an attribute
locations
• User has Roles like admin, viewer, etc.. • Resource Project has attribute
location
• both users and resources are dynamic, even the value of locations is bound to change. How to create Policies in Cerbos in such a way that • User can only access the resource if User
locations
has the resource location • User's level of access is controlled by the role of the User Can Cerbos also help Hierarchical access , like a manager/parent of a User can access all the data that a User can manage Thanks 🙏
e

Emre (Cerbos)

01/24/2023, 8:49 AM
Hi @Hari Krishna Sunkari You can use the
in
operator to check if any of the principals allowed locations matches the resource’s location. Example playground here: Check how
Resource 1
and
Resource 2
behaves differently. This way, each time you send a request, Cerbos will evaluate based on the
User
and `Principal`’s attributes. Regarding the roles, check how
Principal 1
and
Principal 2
behave differently based on the roles they have. You can find all the other conditions you can use in policies here. Re: Hierarchical access Cerbos does not maintain your directory information. Every request is stateless. When you pass a user’s role in each request, Cerbos will make a decision based on what roles are sent as part of the principal. So, the relationship of the user and manager are managed by your application.
h

Hari Krishna Sunkari

01/24/2023, 10:01 AM
cool, thanks @Emre (Cerbos)
5 Views