4.2k

bg
All features

Policy-Based Access Control (PBAC)

Ensure dynamic and flexible access control with policy-driven decisions.

What is PBAC?

Policy-Based Access Control (PBAC) is a dynamic approach to manage access control in complex environments. It utilizes a policy engine and a policy definition language (Cerbos uses simple YAML) to articulate and enforce access rules. In PBAC, policies define the criteria for access and are managed using standard software development lifecycle tools, offering a scalable and adaptable solution for varying access control needs.

Why Choose PBAC?

  • Flexibility and scalability: Adapt to changing access needs with ease.
  • Granular control: Define access based on multiple conditions and contexts.
  • Integration with development tools: Manage policies using familiar software development practices.

PBAC in action with Cerbos


        

      

      
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: default
  resource: pbacExample
  rules:
    - actions:
        - VIEW
      effect: EFFECT_ALLOW
      roles:
        - USER
      condition:
        match:
          all:
            of:
              - expr: request.principal.attr.department == "IT"
              - expr: request.resource.attr.type == "confidential"

In this PBAC policy, access to confidential resources is granted based on the principal’s attributes pf department and the resource type. This showcases how PBAC allows for highly granular and context-specific access control.

Join hundreds of leading companies using Cerbos

The world's leading crypto finance house serving people, projects, protocols and institutions since 2011.
Utility Warehouse synchronizes authorization across 4,500 services and secures millions of NHIs.
One of the world's leading automobile manufacturers.
Creating a world where workplaces work better.
4G Capital saves a quarter-million dollars per year with Cerbos.
An employee experience that people love.
Innovative financial services platform for small, medium and large companies.
BarrierSystems integrates Cerbos into smart vehicle access gates, cutting internal costs by 15%
Enabling all healthcare stakeholders to easily share information and work together.
Most secured and interactive NG911 cloud native communications platform for mission-critical contact centers.
The number 1 company in Italy to buy and sell.
Enhancing and accelerating the software development lifecycle.
Protecting user data with true end-to-end encryption.
The leading European analyst firm in identity and access management.
Modern and digital survey solutions for companies.
Complex (NTWRK) makes a complex access control system easy to manage with Cerbos
The experts in medical imaging technology.
Making the world a better place to work together.
An early stage tech venture investor.
The collaborative platform to build conversational AI.
Human Managed creates a future-proof ABAC engine with Cerbos.
The fastest development platform.
The leading contract creation and collaboration platform.
One of the world's fastest-growing global technology services provider.
9fin modifies product packaging in 10 minutes.
Cerbos helps Salesroom save over $1MM worth of developer time.
People analytics platform: Fast track to the insights behind your people data.
Advanced malware and phishing analysis.
Leading search intelligence platform for the open web.
Logistics payments without the logistics.
Nook onboards 3x more users by implementing granular roles and permissions.
A react-based framework for building internal tools, rapidly.
Debite accelerates compliance certification and ships products faster.
Supy offers dynamic role management to their clients with Cerbos.
Loop secures air-gapped cash deposit machines with Cerbos.
Making the world a better place to work together.
Build and manage residential investment portfolios.
Securely manage application secrets and configurations.
A discussion-first platform without language issues.
Collaborative team design canvas that equips tech leaders to make smarter org design decisions.
The world's leading crypto finance house serving people, projects, protocols and institutions since 2011.
Utility Warehouse synchronizes authorization across 4,500 services and secures millions of NHIs.
One of the world's leading automobile manufacturers.
Creating a world where workplaces work better.
4G Capital saves a quarter-million dollars per year with Cerbos.
An employee experience that people love.
Innovative financial services platform for small, medium and large companies.
BarrierSystems integrates Cerbos into smart vehicle access gates, cutting internal costs by 15%
Enabling all healthcare stakeholders to easily share information and work together.
Most secured and interactive NG911 cloud native communications platform for mission-critical contact centers.
The number 1 company in Italy to buy and sell.
Enhancing and accelerating the software development lifecycle.
Protecting user data with true end-to-end encryption.
The leading European analyst firm in identity and access management.
Modern and digital survey solutions for companies.
Complex (NTWRK) makes a complex access control system easy to manage with Cerbos
The experts in medical imaging technology.
Making the world a better place to work together.
An early stage tech venture investor.
The collaborative platform to build conversational AI.
Human Managed creates a future-proof ABAC engine with Cerbos.
The fastest development platform.
The leading contract creation and collaboration platform.
One of the world's fastest-growing global technology services provider.
9fin modifies product packaging in 10 minutes.
Cerbos helps Salesroom save over $1MM worth of developer time.
People analytics platform: Fast track to the insights behind your people data.
Advanced malware and phishing analysis.
Leading search intelligence platform for the open web.
Logistics payments without the logistics.
Nook onboards 3x more users by implementing granular roles and permissions.
A react-based framework for building internal tools, rapidly.
Debite accelerates compliance certification and ships products faster.
Supy offers dynamic role management to their clients with Cerbos.
Loop secures air-gapped cash deposit machines with Cerbos.
Making the world a better place to work together.
Build and manage residential investment portfolios.
Securely manage application secrets and configurations.
A discussion-first platform without language issues.
Collaborative team design canvas that equips tech leaders to make smarter org design decisions.

Find out more

Features, benefits & use cases

Features, benefits & use cases

Fit Cerbos seamlessly into your tech stack

Playground

Playground

Prototype policies in your browser right now

Cerbos Hub

Cerbos Hub

Implement roles & permissions in your app

Speak to an engineer

Speak to an engineer

Book an intro call and learn more

Cerbos
/assets/footer/socials/x.svg/assets/footer/socials/github.svg/assets/footer/socials/mail.svg/assets/footer/socials/youtube.svg/assets/footer/socials/linkedin.svg/assets/footer/socials/slack.svg/assets/footer/socials/npm.svg/assets/footer/socials/rss.svg
/assets/footer/compliance/soc-2.svg/assets/footer/compliance/gdpr.svg

What is Cerbos?

Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.

© 2026 Cerbos.dev

Terms of Service

Privacy Policy

Trusted Tester Agreement

Trademark Guidelines