Hello all, Getting an incorrect response from

/api/check/resources

API. In the policy, we defined the

role CDO

can access resource

dealership_referral_api

with the action

read and edit

. But when we validate the request using

/api/check/resources

API, sometimes we get "EFFECT_ALLOW" and sometimes we get "EFFECT_DENY". I've given the setup, configuration, and screenshot below. Kindly help me to resolve this issue. Deployed cerbos on lambda - API Gateway URL cerbos-config:

auxData:
  jwt:
    disableVerification: true
server:
  adminAPI:
    enabled: true
    adminCredentials:
      username: <USER_NAME>
      passwordHash: <PASSWORD>
  playgroundEnabled: true
storage:
  driver: "mysql"
  mysql:
    dsn: "user:password@tcp(host:3306)/db_name"

1. How often do you get EFFECT_DENY? 2. Do you see anything interesting in the log when you get EFFECT_DENY? I ran a few tests using the above endpoint. I sent 500+ requests in total and got EFFECT_ALLOW every time… except one. I don’t know what the response was. It might be EFFECT_DENY or an error. I added more error handling to my script, but no luck - it is always EFFECT_ALLOW since then. I refrained from sending too many requests to the endpoint minding your cloud cost.

We are also unable to reproduce the same error. Maybe some response cache issue or something else. However we have moved to Production and awaiting for similar reportings from the users or the logs. It has been 2 days and no issues so far. Will keep tracking this in our product.