Broken Access Control is the #1 issue in OWASP 2021 Top 10Find Out More →

Do not reinvent
user permissions!

Cerbos is self-hosted, open source, declarative access control that integrates into your app in minutes.

Declarative fine-grained access

Create your own custom RBAC and ABAC policies. Define your own standards.

Scalable, fast, dynamic decisions

Our container runs in your environment and scales with your app. You are in total control.

Centralized access rules

Access the same access control decisions from every layer of your application.

Application Permissions

Go beyond roles - context aware access controll

Find out more

Product Packaging

Enforce access to features per customer

Find out more

Enterprise Ready

Manage complex organisation hierarchies

Find out more

Multi-tenant SaaS

Support multiple customer environments at scale

Find out more

Quick installation

Get up and running in minutes, not in weeks.

Free your developers

Don't waste precious developer time on building and maintaining permission infrastructure from scratch.

Configure rather than code

When requirements change, edit the configuration and not the code.

How it works

Get Cerbos up and running in minutes.

Deploy and run Cerbos

Launch Cerbos using the container or the standalone binary.

Define your policies

Write access policies, validate them using the Cerbos CLI and push to the policy repository (disk, git, or database). The server will automatically pick up the changes.

Check

Make API requests to Cerbos providing data about the context and receive access decisions instantly.

Simple

Define access policies using human readable YAML. No need to master a new policy language.

Super-charged Roles

Dynamically derive new roles based on contextual information. Don’t be limited to what your IdP provides.

Context-aware

Make use of context such as IP address and time of day to make realtime access decisions

Ultrafast API

Access decisions in milliseconds.

GitOps

Develop, test, and deploy policies just as you do with your source code.

Multiple Environments

Built-in policy versioning to support canary deployments and different environments.

Cloud Native

Containerised deployment as a microservice or a sidecar. REST and gRPC interfaces. Top-notch observability.

Audit Logs

Capture every decision and analyze them later.

Community

Leverage our community for examples and help.

Why choose Cerbos?

  • Policy-as-config model helps you get started immediately without spending time to learn a brand new policy language. Even non-developers will be able to understand your access rules.

  • Centralized permission logic: access the same permission decisions from everywhere on your stack. No need to make changes in multiple layers of your stack when permission logic changes.

  • Language-agnostic: All Cerbos interactions happen over REST or gRPC. Whether your environment is monolingual or polyglot, Cerbos will fit right in as long as your favorite language has an HTTP library.

  • Total control: Cerbos is fully-contained and deploys as a sidecar or as a microservice within your environment. There are no external dependencies. Everything runs within your local network.

  • Progressively onboard your product one component at a time. No need to rip and replace all of your existing layers. Start small, grow over time.

  • Native Git support: Use version control to track policy changes and leverage your existing CI/CD infrastructure to test, review and deploy policies on push.

  • Use your favorite tools: Cerbos policies are just YAML, so you can use your favorite IDE.

  • Open core: The core Cerbos engine is 100% open-source.

Ready to get started?

Let's keep in touch!

Please subscribe below to get notified about
all the new features and updates from Cerbos.

We use cookies and other forms of website navigational information to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted ads.

Read about how we use cookies in our Privacy Policy. If you continue to use this site, you consent to our use of cookies.