The latest release of Cerbos adds a new major capability with scoped policies, a streamlined way to get started with the run command, and support for SQL Server as a storage engine.
This release introduces the concept of scoped policies to address the common use case of modelling hierarchical relationships. The new scope field of resource and principal policies allows you to define a dot-separated string describing their position in the hierarchy.
At runtime, based on the scope defined by the API request, the Cerbos engine moves upwards through the set of policies in the hierarchy until one of them produces a decision. With this feature you can define a base set of access policies that can then be overridden for particular departments, tenants or any other unit of access control that makes sense for your application.
You can find the full documentation here.
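A simplified model of the upward scope walk described above, as an added example that is not Cerbos code or part of the original post. The scopes, roles and rules are constructed; denying when no level matches and treating a scope that has no policy like one with no rules are assumptions of this model.

```python
# Simplified model of scoped-policy resolution (illustrative; not Cerbos code).
# Assumption: a request that no level of the hierarchy decides ends in DENY.

ALLOW, DENY = "EFFECT_ALLOW", "EFFECT_DENY"

# Constructed sample policies for one resource kind, keyed by scope.
# "" is the base (unscoped) policy; each rule is (action, role, effect).
# The sample data has at most one matching rule per level.
POLICIES = {
    "": [("view", "employee", ALLOW), ("approve", "manager", ALLOW)],
    "acme": [("delete", "admin", ALLOW)],
    "acme.hr": [("view", "employee", DENY), ("view", "hr_staff", ALLOW)],
    "acme.hr.uk": [],  # exists but adds no rules: everything falls through
}


def scope_chain(scope):
    """Yield the scope and each ancestor, most specific first, ending at ""."""
    parts = scope.split(".") if scope else []
    for n in range(len(parts), -1, -1):
        yield ".".join(parts[:n])


def check(scope, role, action, policies=POLICIES):
    """Return (effect, deciding_scope) for a single-role principal."""
    for level in scope_chain(scope):
        # Assumption: a scope missing from the table behaves like an empty policy.
        for rule_action, rule_role, effect in policies.get(level, []):
            if rule_action == action and rule_role == role:
                return effect, level  # first level with a matching rule decides
    return DENY, None  # nothing matched anywhere in the hierarchy


if __name__ == "__main__":
    requests = [
        ("acme.hr.uk", "employee", "view"),    # overridden by acme.hr
        ("acme.hr.uk", "manager", "approve"),  # inherited from the base policy
        ("acme", "employee", "view"),          # sibling branch keeps the base rule
        ("acme.hr", "employee", "delete"),     # no level decides
    ]
    for req in requests:
        print(req, "->", check(*req))
```

Returning the deciding scope alongside the effect makes it easy to see in review whether a decision came from a tenant override or from the base policy.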
Another new feature in this release is the introduction of the cerbos run command. This command can be used as a test runner or even as a quick way to try out Cerbos. It launches a Cerbos instance in the background (loading any policies found in the policies directory) and then runs the user-provided command.
$ cerbos run -- ./your-app
Two environment variables named CERBOS_GRPC are injected into the environment of the child process so that it can discover the Cerbos PDP. When the child process exits, the Cerbos instance is automatically shut down as well.
For more information, see the cerbos run documentation.
In addition to MySQL, Postgres and SQLite, this release also adds support for using Microsoft SQL Server as a storage backend. These database backends enable use of the Admin API to manage policies dynamically from your application rather than using static policy files.