Cerbos

A self-hosted, open source user authorization layer for your applications.


Cerbos: A Self-Hosted, Open Source User Authorization Layer

Cerbos is a self-hosted, open source user authorization layer designed to provide a centralized and structured way to manage access control for your applications. The project allows you to define resources in YAML files, which are then executed by the Cerbos Policy Decision Point (PDP) service. This stateless service provides two primary APIs: CheckResources, which determines whether a principal can access a specific resource, and PlanResources, which identifies which resources a principal can access.

Main Features of Cerbos

  • Policy Definition: Define resources in YAML files, following a simple and structured format.
  • Cerbos PDP (Policy Decision Point): A stateless service that executes policies and makes decisions. It can be deployed as a separate process in Kubernetes, as a systemd service, or as an AWS Lambda function.
  • APIs: Two primary APIs are provided:
    • CheckResources: "Can this principal access this resource?"
    • PlanResources: "Which of resource kind=X can this principal access?"
  • SDKs: The APIs can be called via cURL or through the available SDKs, and query plan adapters can be used to convert responses to a convenient query instance.

Overall, Cerbos provides a flexible and customizable way to manage user authorization and access control for your applications.
