Cerbos Playground: Dive into the RBAC policy generator

Published by Aldin Kiselica on September 13, 2023

Access control in modern applications is crucial to ensure data privacy and system integrity. As applications become more complex and interconnected, the need for a simpler way to manage access controls grows. Enter Cerbos Playground's newest feature: the RBAC Policy Generator. Here’s all you need to know.

What is Cerbos Playground?

Cerbos Playground is a convenient web environment and Integrated Development Environment (IDE) tailored for those who wish to design, test, experiment, and prototype policies. The beauty lies in its simplicity – no need to download anything or set up a local machine. It’s a browser-based tool that can be accessed at play.cerbos.dev.

The RBAC Policy Generator

The latest addition, the RBAC Policy Generator, is focused on Role-Based Access Control (RBAC). RBAC is a fundamental authorization type where access permissions are granted based on a user’s role within the system.

How Does It Work?

  • Define User Roles: Start by listing out the various roles in your system, such as User, Admin, or Manager. This could be derived from your identity provider or current user database.
  • Define Resources: Specify the different resources in your system. A resource is anything you want to apply access control rules to. For instance, a basic resource could have actions like create, read, update, or delete. Tailor this to your specific application's needs.
  • Set Permissions: Using a matrix, decide which roles can perform which actions. It’s a straightforward process of ticking boxes against roles and actions.
  • Generate Policies: Once all details are filled in, hit the 'generate' button. The Policy Generator will then churn out RBAC policies tailor-made for your application. It provides detailed policies for every resource and action combination you've defined.
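
The four steps above, sketched as an added example (not the Policy Generator's own code or output): a permission matrix is turned into a Cerbos resource policy with one allow rule per distinct set of roles. The resource name `document`, the role and action names, and the helper functions are constructed for illustration; the policies the generator actually emits may be laid out differently.

```python
from collections import defaultdict

def build_policy(resource, roles, actions, matrix):
    """Build a Cerbos resource policy dict from a role -> ticked-actions matrix."""
    # Reject names that were never defined, so a typo cannot silently change access.
    bad_roles = set(matrix) - set(roles)
    bad_actions = set().union(*matrix.values()) - set(actions)
    if bad_roles or bad_actions:
        raise ValueError(f"undefined roles {sorted(bad_roles)} / actions {sorted(bad_actions)}")
    grouped = defaultdict(list)  # tuple of roles -> actions sharing that exact role set
    for action in actions:
        allowed = tuple(r for r in roles if action in matrix.get(r, ()))
        if allowed:  # unticked for every role: emit no rule, Cerbos denies by default
            grouped[allowed].append(action)
    rules = [{"actions": acts, "effect": "EFFECT_ALLOW", "roles": list(rs)}
             for rs, acts in grouped.items()]
    return {"apiVersion": "api.cerbos.dev/v1",
            "resourcePolicy": {"version": "default", "resource": resource, "rules": rules}}

def is_allowed(policy, role, action):
    """Local sanity check of the matrix: allowed only if one rule names both."""
    return any(role in r["roles"] and action in r["actions"]
               for r in policy["resourcePolicy"]["rules"])

def to_yaml(policy):
    """Render the policy as YAML text using only the standard library."""
    rp = policy["resourcePolicy"]
    quote = lambda items: "[" + ", ".join(f'"{i}"' for i in items) + "]"
    lines = [f'apiVersion: {policy["apiVersion"]}', "resourcePolicy:",
             f'  version: "{rp["version"]}"', f'  resource: "{rp["resource"]}"', "  rules:"]
    for rule in rp["rules"]:
        lines += [f'    - actions: {quote(rule["actions"])}',
                  f'      effect: {rule["effect"]}',
                  f'      roles: {quote(rule["roles"])}']
    return "\n".join(lines)

# Constructed sample input: three roles, four actions, one ticked matrix.
ROLES = ["user", "manager", "admin"]
ACTIONS = ["create", "read", "update", "delete"]
MATRIX = {"user": {"read"},
          "manager": {"create", "read", "update"},
          "admin": {"create", "read", "update", "delete"}}

if __name__ == "__main__":
    print(to_yaml(build_policy("document", ROLES, ACTIONS, MATRIX)))
```

Because only allow rules are written, any role and action pair left unticked in the matrix stays denied.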


For those looking for an extra layer of granularity, the system also hints at how one could evolve from RBAC to Attribute-Based Access Control (ABAC). With ABAC, access control decisions are made based on attributes of users, the environment, or resources.

What’s policy creation without testing? Cerbos Playground also generates a test suite, offering example resources and principals. This makes it easier to validate the expected outcomes and get immediate feedback in case of any misconfigurations.

Seamless Integration with Cerbos Playground

If you're familiar with the Cerbos Playground, you'll appreciate the seamless integration of this new feature. Once you’ve generated your policies, you can experiment further, validate them against test cases, and even directly try out API requests. Everything you need is right there in the sidebar.

In Conclusion

The introduction of the RBAC Policy Generator in the Cerbos Playground might be a game-changer for developers and system admins. It offers a streamlined approach to designing and testing access control policies. Whether you're new to Cerbos or a seasoned user, this feature promises efficiency and precision.

The world of access control just got a tad simpler, and we're here for all of it! If you've tried the new feature or have suggestions, we encourage you to reach out and join our Slack community.
