
expected:
- resource: document#1
principal: user#1
actions:
create: EFFECT_ALLOW
read: EFFECT_ALLOW
update: EFFECT_ALLOW
delete: EFFECT_DENY
- resource: document#1
principal: admin#2
actions:
create: EFFECT_ALLOW
read: EFFECT_ALLOW
update: EFFECT_ALLOW
delete: EFFECT_ALLOW
Create detailed test suites for each of your types of users and resources and define the expected decision for each action. These tests can run on every change to policy to ensure expected results.
Fit Cerbos seamlessly into your tech stack
Prototype policies in your browser right now
Implement roles & permissions in your app
Book an intro call and learn more
Join thousands of developers | Features and updates | 1x per month | No spam, just goodies.
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.