Introducing Cerbos Hub Playground engine settings

We have rolled out an update to the Cerbos Hub Playground that’s tailored for those of you who are building more complex policies and want a development experience that mirrors real-world deployments more closely.

This update introduces new settings in the Playground’s right-hand sidebar, letting you configure the Cerbos PDP engine used when evaluating policy during development, in a way that reflects your actual environment. You can find full details of these settings in the Cerbos configuration reference.

Let’s explore what’s new.

Default policy version

The first update is the ability to configure the default policy version. By default, if a request doesn’t explicitly specify the policy version, the Cerbos engine searches for a matching policy that has its version set to default. Now, you can change this fallback value by setting the default policy version in the Cerbos Hub Playground.

For instance, if you set the default version to v1, any request without a version specified will use resource policies with the version set as v1. This is valuable for making sure that your policies behave as expected when versions aren’t explicitly defined in requests.

Lenient scope search

Next up is lenient scope search. Scopes are a powerful way to organize and manage policies for hierarchical environments. However, setups can get tricky when a specific scope doesn’t exist for a request.

With lenient scope search enabled, the engine will fall back to the parent scope. If you’re looking for a policy under a.b.c and it does not exist in the store, the engine will check for a.b, then a, and finally a global scope. This makes your policy hierarchy more flexible and reduces the risk of unexpected denials.

For example, if you’re building a multi-tenant application. You have a tenant-specific policy under tenantA, but no policy for tenantA.group1. With lenient scope search, requests for tenantA.group1 can automatically fall back to tenantA. No manual policy duplication is needed.

Globals

Finally, global variables allow you to pass environment-specific information into your policy conditions during evaluation. You can emulate the use of these variables directly in the Playground.

Say you have a policy rule that denies all actions unless the environment is set to production. You can define a global variable, set it to staging, and see how the policy behaves. Flip it to production, and instantly verify that the actions are now allowed. This capability is useful for testing policies that depend on deployment-specific configurations.

Explore these new updates

Navigate to the Cerbos Hub Playground, go to the Settings tab in the sidebar, and start configuring your engine settings. We’re excited to see how you’ll use these new capabilities to streamline your policy development process.

As always, we’re here to help. Join our Slack community or visit our GitHub to share your feedback and ask questions.