grid

Implement roles and permissions in your application in minutes

Scalable and extensible authorization service for developer, product and security teams.

Join hundreds of leading companies using Cerbos

The world's leading crypto finance house serving people, projects, protocols and institutions since 2011.
Multiservice utility provider, trusted by over 700,000 customers.
Creating a world where workplaces work better.
The leading microfinance institution in Africa.
The leading European analyst firm in identity and access management.
A leading youth culture ecommerce and content platform.
The experts in medical imaging technology.
Making the world a better place to work together.
An early stage tech venture investor.
The collaborative platform to build conversational AI.
The intelligence decision action platform.
The fastest development platform.
The leading contract creation and collaboration platform.
One of the world's fastest-growing global technology services provider.
The faster, smarter way to find leveraged finance intelligence.
The only video platform designed to help salespeople break through.
People analytics platform: Fast track to the insights behind your people data.
Advanced malware and phishing analysis.
Leading search intelligence platform for the open web.
Logistics payments without the logistics.
Automated financial operations.
A react-based framework for building internal tools, rapidly.
Superpowered corporate card with built-in instalments.
The data-driven inventory management software for restaurants.
The financial operating system that automates cash.
Making the world a better place to work together.
Build and manage residential investment portfolios.
Securely manage application secrets and configurations.
A discussion-first platform without language issues.
Collaborative team design canvas that equips tech leaders to make smarter org design decisions.
The world's leading crypto finance house serving people, projects, protocols and institutions since 2011.
Multiservice utility provider, trusted by over 700,000 customers.
Creating a world where workplaces work better.
The leading microfinance institution in Africa.
The leading European analyst firm in identity and access management.
A leading youth culture ecommerce and content platform.
The experts in medical imaging technology.
Making the world a better place to work together.
An early stage tech venture investor.
The collaborative platform to build conversational AI.
The intelligence decision action platform.
The fastest development platform.
The leading contract creation and collaboration platform.
One of the world's fastest-growing global technology services provider.
The faster, smarter way to find leveraged finance intelligence.
The only video platform designed to help salespeople break through.
People analytics platform: Fast track to the insights behind your people data.
Advanced malware and phishing analysis.
Leading search intelligence platform for the open web.
Logistics payments without the logistics.
Automated financial operations.
A react-based framework for building internal tools, rapidly.
Superpowered corporate card with built-in instalments.
The data-driven inventory management software for restaurants.
The financial operating system that automates cash.
Making the world a better place to work together.
Build and manage residential investment portfolios.
Securely manage application secrets and configurations.
A discussion-first platform without language issues.
Collaborative team design canvas that equips tech leaders to make smarter org design decisions.
bg

Cerbos

Decouple authorization management from your core code using the stateless Cerbos solution. Focus on delivering exceptional products, not maintaining the authorization infrastructure.

shield

Fine-grained access control with RBAC, ABAC, and beyond

Context-aware role definitions and attribute-based access control. Implement adaptable, granular security policies that exceed standard role-based access control.

shield

Streamline access policy management

Implement and update authorization policies in human-readable configuration. Improve visibility, collaboration and security.

shield

Permissions aware data filtering

Query for and only fetch the objects a principal has permissions to. Generate a dynamic set of conditions to filter based on access policy.

shield

Stateless and scalable

Stateless decision points that run inside your environment or at the edge (powered by WebAssembly) allow virtually unlimited scale.

What our users say about Cerbos

avatar

Rob, Principal Engineer
@ Utility Warehouse

"It's weird to say an outside company has our back, but Cerbos does. It's the people. It's their open-source code: it's high quality, you can read it, it does what it says on the tin"

avatar

Joe, Software Engineer
@ 9fin

"It's a good feeling being able to say yes to almost any permissioning requirement." "Cerbos is small, contained and easy to implement. It 100% delivers on the promise of abstracting away the complexity of decision making."

avatar

David, Senior Software Engineer
@ Salesroom

"We're not worried about scaling because we can easily increase our load on Cerbos. It will also be easy for us to change how we're distributing policies as we reach different points of scale."

avatar

Joe, CEO & Co-Founder
@ Nook

"We went from one user - every role, to a world where there are many users - many roles. And the product, it relies on Cerbos to actually bring the value that we want to bring to customers. All of our customers are relying on Cerbos, by relying on the product, which is of course relying on Cerbos."

avatar

Chuck, Head of Engineering
@ Salesroom

"Instead of thinking of how much time Cerbos has saved us, I think about how much time it didn't cost us. It didn't cost us any time. Cerbos just works. I don't have to think about it. It's as simple as that."

avatar

Steve, Staff Engineer
@ NTWRK

"One of our big considerations was speed. We have strict latency tolerances. When it comes to Cerbos - you can call it a hundred times during a request and it doesn't matter. It's incredibly fast."

avatar

Engin, Head of Product and Growth & Co-Founder
@ Debite

"If it wasn't for Cerbos, one thing is for sure - we would've launched later than we did. As a result, we would have less customers. And the maintenance part is also very important. Our technical team would be dealing with daily stuff regarding access controls, access logs. Now, we don't have to spend any time on that."

avatar

Rounak, Founding Engineer
@ CommandK

"Cerbos policy writing is quite flexible, and deploying as a unit microservice as well. Cerbos "doesn't get in the way" once integrated, that's the best part."

avatar

Romina, Tech Lead
@ Wizeline

"It is easy to implement and provides a solution for a problem that is often not properly addressed."

avatar

Henry, CTO & Co-Founder
@ Nook

"Having the separation of the permissions from the code base just makes the code base more elegant. It makes the permissioning more elegant. It means they're centralized, so they're not tied to specific endpoints. And ultimately it means that different business owners have the ability to actually make updates."

avatar

Rasmus, CTO
@ Firtal

"Just discovered your embedded testing framework. This is probably the best balance between hyperfocused functionality and embedded tooling I've ever seen in an open source project. Damn, good work!"

Elevate your developer journey with Cerbos

shield

Low-latency authorization checks

Stateless Cerbos Policy Decision Points (PDP) run in your environment and scale with your application. Deployed as a microservice in your VPC or evaluated at edge/on-device via WebAssembly, decisions are always made locally without requiring any lookups.

shield

Policy Hub Playground

Cerbos Hub's fully-featured collaborative IDE for developing, iterating and testing policy provides instant feedback on changes and integrates into your Git-based workflow.

shield

Testable authorization with GitOps

Implement a reliable CI/CD workflow with Cerbos' GitOps approach. Test and deploy intricate access control policies with confidence, enhancing your delivery quality. Reduce human errors and enhance security.

shield

Auditable authorization

Capture every action tried and every decision made by your application in a consistent audit trail, compatible with your existing log collection or SIEM platform. Conform to ISO27001, SOC2 and HIPAA compliance with versioned and auditable decision chain.

shield

Coordinated rollout and monitoring

Cerbos Hub streamlines policy updates with centralized management and real-time policy deployment. Gain insights into deployed PDP instances, tracking active policies, their versions, and more. Ensure all PDPs are synchronized and up-to-date.

shield

Pre-built integrations and policies

Get up and running in minutes with the Cerbos SDKs or complete starter projects for common frameworks, servers, ORMs and identity providers. Start from templated policies for your vertical to get the basics in place fast, then customize for your business.

Decouple authorization logic from your application code

#1

Replace the spaghetti if/else case/switch code with a single function call.

if (user.email.includes("@mycompany.com") ||
  (user.company.package === "premium" && user.groups.includes("managers"))
) {
  if(user.region === resource.region) {
    // access allowed
    AuditLog.record("ALLOWED", "edit", user, resource);
  } else {
    // access denied
    AuditLog.record("DENIED", "edit", user, resource);
  }
} else {
  // access denied
  AuditLog.record("DENIED", "edit", user, resource);
}
if (await cerbos.isAllowed({ principal: user, resource, action: "edit" })) {
  // allowed
} 

Before

After

#2

Define the RBAC and ABAC rules in standardized policies.

playground

#3

Call Cerbos API from anywhere in your stack - New requirements, new policies and conditions can be introduced without having to make a change to your core application.

if (user.email.includes("@mycompany.com") ||
  (user.company.package === "premium" && user.groups.includes("managers"))
) {
  if(user.region === resource.region) {
    // access allowed
    AuditLog.record("ALLOWED", "edit", user, resource);
  } else {
    // access denied
    AuditLog.record("DENIED", "edit", user, resource);
  }
} else {
  // access denied
  AuditLog.record("DENIED", "edit", user, resource);
}
if (await cerbos.isAllowed({ principal: user, resource, action: "edit" })) {
  // allowed
} 

Before

After

bg

Cerbos benefits for different roles

shield

Developers

Replace complicated authorization logic with a single call and allow product owners or security teams to manage access without touching code.

shield

Product Managers

Define and evolve complex policies without requiring further developer time.

shield

Security teams

Track and audit access requests, grants and denials without without requiring further developer effort.

Most popular resources

laptop

Cerbos Policy Decision Point

Want to run authorization yourself?

laptop

Playground

Prototype policies in your browser right now

laptop

Docs

Check out our API reference and guides

laptop

Slack community

Join our community on Slack and learn

laptop

Success stories

Stories of Cerbos in production

laptop

Speak to an engineer

Book an intro call and learn more