The Cerbos Policy Decision Point (PDP) for your software provides a simple, yet powerful solution for authorization that can be up and running in minutes. Cerbos PDP helps you separate your authorization logic from your core application code, making your authorization system infinitely scalable, more secure and easier to change as your application evolves.
Cerbos' human-readable configuration promotes organizational visibility and collaboration, making it easier to enforce security policies and audit compliance requirements. This approach enables seamless cooperation with product management and security teams to update authorization policies without altering core application code.
Cerbos offers context-aware role definitions and attribute-based access control, empowering you to implement adaptable, granular security policies that exceed standard role-based access control.
As a stateless, self-hosted solution, Cerbos can run on public / private clouds, serverless platforms, or your data center, ensuring 100% control within your perimeter.
Cerbos' language-agnostic API is adaptable across your stack and works in any layer of your application. Whether it's legacy apps, monoliths, microservices, frontend, or backend - you can seamlessly integrate Cerbos into your existing ecosystem.
Cerbos ensures compliance with ISO27001, SOC2, and HIPAA requirements through real-time change logs for auditing access controls. Integration with security information and event management (SIEM) providers helps mitigate threats to security.
Implement Cerbos using its API-first approach. Integrate with software by utilizing SDKs for popular languages, or a simple API for other languages. Seamlessly integrate with frameworks.
Self-host Cerbos in your environment. Achieve infinite scalability by deploying Cerbos PDP using serverless functions or a sidecar deployment model. Pick the ideal container orchestration method for you.
Deploy, manage and scale authorization without having to synchronize application state or rely on slow network fan-out. Cerbos PDP makes decisions based on the latest data every time.
Manage, test and deploy fine-grained access control policies with confidence using a CI/CD / GitOps workflow. Reduce human errors and enhance security.
Use any identity provider to authenticate your users. Use Cerbos to enforce access controls. Cerbos natively supports JWT for integration with numerous authentication providers.
Decouple data filtering requests from the code via a query plan API, managed by the same policies as application access, providing consistent and simplified change management of access.
Add or update policies to the running Cerbos instance using the Cerbos Admin API to simplify administration functions. With Cerbos, policy changes are not just easy, but instantaneous.
Keep track of every request and action through Cerbos’ comprehensive audit logs, capturing every decision made in the application. Achieve transparency, accountability, and compliance.
"It's weird to say an outside company has our back, but Cerbos does. It's the people. It's their open-source code: it's high quality, you can read it, it does what it says on the tin"
"It's a good feeling being able to say yes to almost any permissioning requirement." "Cerbos is small, contained and easy to implement. It 100% delivers on the promise of abstracting away the complexity of decision making."
"We're not worried about scaling because we can easily increase our load on Cerbos. It will also be easy for us to change how we're distributing policies as we reach different points of scale."
"We went from one user - every role, to a world where there are many users - many roles. And the product, it relies on Cerbos to actually bring the value that we want to bring to customers. All of our customers are relying on Cerbos, by relying on the product, which is of course relying on Cerbos."
"Instead of thinking of how much time Cerbos has saved us, I think about how much time it didn't cost us. It didn't cost us any time. Cerbos just works. I don't have to think about it. It's as simple as that."
"One of our big considerations was speed. We have strict latency tolerances. When it comes to Cerbos - you can call it a hundred times during a request and it doesn't matter. It's incredibly fast."
"If it wasn't for Cerbos, one thing is for sure - we would've launched later than we did. As a result, we would have less customers. And the maintenance part is also very important. Our technical team would be dealing with daily stuff regarding access controls, access logs. Now, we don't have to spend any time on that."
"Cerbos policy writing is quite flexible, and deploying as a unit microservice as well. Cerbos "doesn't get in the way" once integrated, that's the best part."
"It is easy to implement and provides a solution for a problem that is often not properly addressed."
"Having the separation of the permissions from the code base just makes the code base more elegant. It makes the permissioning more elegant. It means they're centralized, so they're not tied to specific endpoints. And ultimately it means that different business owners have the ability to actually make updates."
"Just discovered your embedded testing framework. This is probably the best balance between hyperfocused functionality and embedded tooling I've ever seen in an open source project. Damn, good work!"
Fine grained context aware permissions.
Provide trials, feature bundles and custom packages for customers.
Manage complex organizational requirements.
Support multiple customer environments at scale.
a managed control plane for Cerbos
Stateless Cerbos Policy Decision Points (PDP) run in your environment and scale with your application. Deployed as a microservice or binary in your VPC or cluster, or evaluated at edge/on-device via WebAssembly with Cerbos Hub, decisions are always made locally without requiring any lookups or queries to the cloud.
Cerbos Hub streamlines policy updates with centralized management, pushing policy changes proactively to all Policy Decision Points for seamless rollouts. Gain insights into deployed ADP instances, tracking active policies, their versions, and more, ensuring all PDPs are synchronized and up-to-date.
Write tests along side your authorization logic to ensure complete coverage and expected decisions. Cerbos Hub's CI pipeline compiles, validates and tests every change. Configurable deployment labels enable branch, tag or commit-based rollouts to Policy Decision Points in your environments.
Cerbos Hub's fully-featured collaborative IDE for developing, iterating and testing policy provides instant feedback on changes, has an automated test runner and integrates into your git-based workflow enabling evolution of authorization policy with ease.
Want to run authorization yourself?
Prototype policies in your browser right now
Check out our API reference and guides
Join our community on Slack and learn
Stories of Cerbos in production
Book an intro call and learn more
Join thousands of developers | Features and updates | 1x per month | No spam, just goodies.