Hello everyone, I am using cerbos in my project and have created policy based on my need. But now I want to enforce a policy for all resources based on my principal attributes. How can I achieve that. For example my principal is:

principal: {
  id: "123",
  roles: ["Editor"],
  policyVersion: "default",
  attributes: {
    is_verified: user.is_verified,
  },
},

Here in my attributes I have

is_verified

flag so I want to check if the user is verified then only check any other policy for the user. Because if my user is not verified then I want to block all his access. It would be really helpful for me if anyone can provide me the solution.

Can an unverified user do anything at all? If not, then I'd say you could simply just reject unverified users straightaway from your application entrypoint. Otherwise, the way to achieve this is to create a derived role that activates for verified users only. Then, in your resource policies, write all rules targeting that derived role. That way all unverified users will be automatically rejected by Cerbos.

Thank you @Charith (Cerbos) for your suggestion. I will block the unverified user on my application level then.