Frameworks

Authorization for Django applications with Cerbos

Add policy-based authorization to Django views and middleware using the Cerbos Python SDK. Enforce fine-grained access control without hard-coding permission logic in views or models.

Authorize views and middleware

Add Cerbos checks in Django views or middleware to enforce permissions before requests reach your application logic

Attribute-based decisions

Pass user identity, request data, and model attributes from Django to Cerbos for context-aware authorization decisions

Decouple policy from code

Move authorization rules out of Django views and model permissions into versioned YAML policies that update without redeployment

How Cerbos works with Django

Building authorization logic inside Django quickly becomes a maintenance burden. Hard-coded role checks scatter across controllers and middleware, and every permission change requires a code deploy.

Cerbos replaces scattered authorization logic with a single API call. You define fine-grained policies in YAML, and the Cerbos PDP evaluates them at request time using roles, attributes, and any context you provide.

With Cerbos your Django application stays focused on business logic while authorization policies evolve independently, managed by product or security teams without touching code.

Policy-as-codeHuman-readable YAML policies managed like source code Scalable PDPStateless policy decision point with sub-millisecond latency Centralized managementManage, test, and deploy policies from a single control plane

How Cerbos works with Django

Add the Cerbos Python SDK to your Django project. Install the SDK and configure a Cerbos client, typically initialized in a middleware class or utility module.
Call Cerbos from views or middleware. Extract the authenticated user from Django's request object, build a Cerbos check request with the target resource and action, and allow or deny access based on the PDP response.
Define authorization policies in YAML. Write resource and principal policies that capture your access control rules, including roles, attributes, and conditions. Store them alongside your code and version them in git.
Cerbos evaluates policies at request time. Every authorization check is evaluated against the latest policies with sub-millisecond latency. Update rules without redeploying your Django application.

FAQ

How do I integrate Cerbos with Django?

Use the Cerbos Python SDK to create a client and call the Cerbos PDP from your Django views or middleware. Extract the authenticated user from the request, build a Cerbos check request with the resource and action, and gate access based on the PDP response.

Can I use Cerbos as Django middleware?

Yes. Create a Django middleware class that intercepts requests, extracts the principal and resource information, and calls the Cerbos PDP before the view executes. The Cerbos PDP responds in sub-millisecond time, adding negligible latency to request processing.

Does Cerbos replace Django's built-in permissions?

Cerbos can replace or augment Django's built-in permission system. Instead of defining permissions in models and checking them with decorators, you define authorization policies in YAML and evaluate them at request time through the Cerbos PDP.