How Cerbos works

Published by Alex Olivier on October 17, 2023
How Cerbos works

We're excited to announce a brand new video that takes a deep dive into how Cerbos can integrate seamlessly into your existing software ecosystem. We go through its functionality, main features, and the benefits of using Cerbos for fine-grained authorization in your applications.

How Cerbos fits into your stack

Think of your software stack as a busy airport terminal where passengers (requests) have to go through security (authentication and authorization) before boarding their flights (accessing resources). Cerbos acts like an advanced security system that ensures only authorized passengers get through.

Your application, whether it's a monolith or a microservices architecture, first authenticates the end users. The application then queries your identity provider to gather details like the team, roles, and other attributes of the user. At the same time, it fetches the resource details the user wants to access.

Replacing hardcoded logic with policy-driven decisions

Traditionally, the authorization logic that matches users to resources is hardcoded into your application using complex IF-ELSE/CASE-SWITCH statements. Cerbos eliminates this rigidity by abstracting this logic into standalone, policy-based service. Your application merely needs to send three key pieces of information to Cerbos:

  1. The principal: Information about the user.
  2. The resource: What the user is trying to interact with.
  3. The action: What the user aims to do with the resource.

Cerbos evaluates these against the defined policies and returns a simple 'Allow' or 'Deny' decision to your application. This makes the internal logic of your application cleaner, requiring only a single IF statement for authorization.

The double advantage of Cerbos

Benefit 1: Flexibility and agility

By moving authorization logic to policy files, you gain the ability to adapt swiftly to new roles and rules without modifying application code. Imagine your policies as the airport security guidelines; when the guidelines change, you don't need to rebuild the terminal—just update the rules.

Benefit 2: Comprehensive audit logs

Cerbos offers centralized auditing by logging every permission check made through the system. This is like having a detailed manifest of every passenger who tried to board a flight, making it easier to meet compliance requirements and giving your customers confidence in your security measures.

Useful resources


Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team