You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I want to know if there is a way to add permissions dynamically, for example, I would like to configure my application so that the user with id 10 does not have permission to such a resource, and that this would be added within the policies, but then instead of only the user with id 10, but also the user with id 12, and at some point remove the user with id 10
What would the ideal solution look like to you?
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered:
It sounds like you're trying to implement an access control list (ACL). One way to do that is to store the mapping of resource to users in your own database. Databases are optimized for set membership checks over very large sets so you can do that preliminary check first and make the result an attribute of the principal (e.g. is_in_acl). It would then become one of the conditions in your Cerbos policy (P.attr.is_in_acl == true) and you can combine that with the other context-sensitive security rules you need in addition to the simple ACL membership check (e.g. is the request being made from a trusted IP range during office hours).
Is there an existing issue for this?
Feature description
I want to know if there is a way to add permissions dynamically, for example, I would like to configure my application so that the user with id 10 does not have permission to such a resource, and that this would be added within the policies, but then instead of only the user with id 10, but also the user with id 12, and at some point remove the user with id 10
What would the ideal solution look like to you?
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: