Cerbos Has a Free Policy Engine for Authorization That Uses YAML Policies

Cerbos is an open-source authorization engine. Define policies in YAML, check permissions via API.

Features

• Policy-as-code — YAML
• REST + gRPC API
• Audit logging
• GitOps — version control policies
• Single binary

Policy Example

apiVersion: api.cerbos.dev/v1
resourcePolicy:
  resource: document
  rules:
    - actions: ['read']
      effect: EFFECT_ALLOW
      roles: ['user']
    - actions: ['read', 'edit', 'delete']
      effect: EFFECT_ALLOW
      roles: ['admin']

Check Permissions

const allowed = await cerbos.checkResource({
  principal: { id: 'user1', roles: ['user'] },
  resource: { kind: 'document', id: 'doc1' },
  actions: ['read'],
});

---

Need authorization? GitHub or spinov001@gmail.com