Hari Krishna Sunkari

01/24/2023, 3:58 AM
I'm new to Cerbos and trying to solve the below use-case:
• User has an attribute
• User has Roles like admin, viewer, etc.
• Resource Project has attribute
• both users and resources are dynamic, even the value of locations is bound to change.

How to create Policies in Cerbos in such a way that
• User can only access the resource if User has the resource location
• User's level of access is controlled by the role of the User

Can Cerbos also help Hierarchical access, like a manager/parent of a User can access all the data that a User can manage?

Thanks 🙏

Emre (Cerbos)

01/24/2023, 8:49 AM
Hi @Hari Krishna Sunkari

You can use the operator to check if any of the principal's allowed locations matches the resource's location. Example playground here: Check how Resource 1 and Resource 2 behave differently. This way, each time you send a request, Cerbos will evaluate based on the and `Principal`'s attributes.

Regarding the roles, check how Principal 1 and Principal 2 behave differently based on the roles they have. You can find all the other conditions you can use in policies here.

Re: Hierarchical access
Cerbos does not maintain your directory information. Every request is stateless. When you pass a user's role in each request, Cerbos will make a decision based on what roles are sent as part of the principal. So, the relationship of the user and manager is managed by your application.

Hari Krishna Sunkari

01/24/2023, 10:01 AM
cool, thanks @Emre (Cerbos)