DEV Community

Cover image for Cerbos: Fine-Grained Access Control in Days NOT Months
Ibrohim Abdivokhidov
Ibrohim Abdivokhidov

Posted on

Cerbos: Fine-Grained Access Control in Days NOT Months

#tutorial #opensource #security #architecture

Get Started with Cerbos

Recently I came across a new open-source project called Cerbos: Authorization-as-a-Service. It worth to discuss it here.

So... What is Cerbos?

In a very brief:

Cerbos is an authorization solution, which helps developers easily implement and manage fine-grained access control.
As of November 2024, Cerbos is still in the early stages of development, but it already looks promising.

They offer two main products such as Cerbos Hub and Cerbos Policy Decision Point (PDP).
It's kinda one solution for different teams like Developers, Architects, Security Engineers, and Product Teams to implement authorization in their applications.

And... it's Open Source.

Let's dive into the details. And see how different teams can benefit from Cerbos.

Cerbos Hub:

Cerbos for Developers: Why Developers Love Cerbos?

Authorization can be a complex, time-consuming task for developers. But with Cerbos, you can simplify your workflow and focus on building amazing features instead of wrestling with access controls.

Implement Authorization Once

Want to see how easy it is? Check out the Cerbos video tutorial to learn how to add a typical CRUD policy to a simple Express app in Node.

Developer-Centric Design

Cerbos is built by developers, for developers. It's designed to seamlessly integrate with your existing infrastructure, no matter how you deploy:

  • Host it as a sidecar, service, or function.
  • Define permissions as config files outside your application logic—no more code changes when access requirements evolve.

Production-Ready from Day One

With Cerbos, you don't need to worry about last-minute surprises in production. Enjoy first-class support for GitOps with features like:

  • A built-in testing framework to validate policies.
  • Easy integration with your CI/CD pipeline for seamless deployment. here.

Support for Multiple Languages

Cerbos is designed for flexibility, with support for popular programming languages like:

  • .NET, Go, JavaScript, Java, PHP, Ruby, Python, and Rust And that's just the start—more languages are on the way!

One-Line Authorization Made Simple

Cerbos takes the hassle out of authorization with an intuitive approach that reduces boilerplate and keeps your code clean. Here's a simple example in Rust:

before Cerbos:

if user.email.ends_with("@mycompany.com") !! (user.company.package == "premium" && user.groups.any(|&g| g == "managers")) 
{
    if user.region = resource.region {
        audit_log. record(audit::ALLOWED, "edit", user, resource);
        // access allowed
    } else {
        audit_log.record(audit::DENIED, "edit", user, resource)
        // access denied
    } 
} else {
    audit_log. record(audit:: DENIED, "edit", user, resource)
    // access denied
}
Enter fullscreen mode Exit fullscreen mode

after Cerbos:

if cerbos_client.is_allowed("edit", user, rosource, None).await? 
{
    // access allowed
}
Enter fullscreen mode Exit fullscreen mode

Say goodbye to scattered, complex authorization logic. With Cerbos, you make a single call for access decisions. From there, product owners or security teams can manage access rules without ever touching your code.

With Cerbos, authorization is no longer a bottleneck. It's a streamlined, developer-friendly process that empowers you to build faster, scale easily, and stay secure. Try it out today !

Cerbos for Architects: Build Secure, Scalable Architectures with Cerbos

As an architect, securing your systems and maintaining scalability are top priorities. With Cerbos, you can achieve both through externalized authorization, making your architecture more robust and aligned with Zero Trust principles.

Externalized Authorization Made Simple

Cerbos' Policy Decision Point (PDP) and managed Policy Administration Point (PAP) let you centralize and streamline access control for your enterprise applications.

Architecture

Explore how this works with an interactive diagram on the Cerbos for Architects page .

Policy-Based Access Control (PBAC)

Cerbos enables flexible and dynamic access control:

  • Define policies based on multiple conditions and contexts.
  • Adapt to evolving access needs without disrupting your system.
  • Align policies with your organization's governance processes.

Audit Logging for Transparency

Get full visibility into access decisions with Cerbos’ audit logs:

  • Logs every decision across all PDP instances.
  • Integrate with your existing SIEM tools for centralized monitoring and compliance.
  • Use Cerbos Hub to view and analyze all decisions in one place.

Distributed Yet Centrally Managed

Cerbos makes policy management easy and consistent:

  • Collaborative tools for developers and product teams to create and update policies.
  • Centralized control through Cerbos Hub, ensuring your authorization logic is transparent and adaptable.

Start securing your architecture today with a solution built for modern enterprise needs. Try Cerbos for Architects today and meet your scalability and security goals with ease!

Cerbos for Security Engineers: Secure, Transparent, and Reliable

Hey, you are a security engineer, and your task is to protect sensitive data and ensure robust access control. Here we go. Cerbos empowers you to achieve this with a reliable, transparent, and secure authorization solution—designed for high-security environments and strict compliance needs.

Consistent Access Control with Full Visibility

Cerbos provides a centralized way to enforce access control across your architecture. You can track and audit every request and decision without relying on developers, giving you the transparency and accountability you need.

Built for High-Security Requirements

  • Compliance Assurance: Cerbos meets strict standards for environments governed by regulations like HIPAA, PCI DSS, and GDPR, making it ideal for compliance-driven industries.
  • Private by Design: Perfect for air-gapped deployments and Zero Trust architectures, Cerbos is tailored for the most secure use cases.
  • No Vendor Lock-In: Keep full control of where your policies are stored and deployed, ensuring your independence and portability across platforms.

Fine-Grained Access Control Made Easy

With Cerbos, you can define RBAC and ABAC policies that are as detailed and specific as your use case demands. Achieve precise control over access while keeping your policies flexible and easy to manage.

Cerbos delivers the tools you need to secure your architecture while staying compliant and adaptable. Take the guesswork out of access control—start building with Cerbos for Security Engineers today !

Cerbos for Product Teams: Flexible Policies, Zero Hassle

Managing roles and permissions in a fast-evolving business can be a challenge, but Cerbos makes it simple. Define and adapt complex access policies as your needs change—without adding to your developers' workload.

A Step-by-Step Guide to Smarter Authorization

1. Capture Business Requirements

Start by gathering input from across your team. Understand what your permission logic needs to achieve in your application. Learn how to map requirements to authorization policies.

2. Define Policies

Based on your business logic, create policies that define roles, conditions, and rules for each resource in your app. Explore Cerbos policy documentation.

3. Implement Permission Checks

Collaborate with your developers to integrate permission checks. The best part? This setup only needs to be done once! Access developer resources.

4. Iterate as You Grow

As your business evolves, update policies and conditions directly in Cerbos without touching application code.

Book a free policy-mapping workshop and start building smarter policies today.

Streamline your authorization process and give your product team the flexibility they need to succeed. With Cerbos, policies keep up with your business—effortlessly here Cerbos for Product Teams !

That's all about Cerbos Hub. However, the possibilities of Cerbos are endless.

Well, okey; Let's move on to the next product.

Cerbos Policy Decision Point (PDP)

The scalable, open source authorization layer for implementing roles and permissions. Here's how it works.

Cerbos PDP

  • Fast and secure,
  • Plug and play,
  • Developer-friendly,

Those are the main key features of Cerbos PDP that differentiate it from the rest of the authorization solutions (if there are any of them 😅).

They have a very nice playground where you can test your policies and see how it works in real-time. Here Try it out with the Cerbos Playground.

Cerbos Playground

And I would recommend to connect github account to save your policies.

Connect GitHub

Umm... Why Cerbos?

If you stil aske me why Cerbos? Here are some reasons:

  • Open Source: Freely available under the Apache 2.0 license, encouraging transparency and community collaboration. on GitHub

PS: To be honest, I'm a huge fan of open-source projects. I believe that open-source projects are the future of software development. (Mark Zuckerburg also mentioned that in his recent interview).
Inspired by the stuff all around the open-source community.
Back to June 2024, I have founded mine as well here Open Community: Making AI Uncool Again..
We build Open Source AI-powered projects and tools for people.

  • Decoupled authorization with Cerbos: Empower developers to focus on what truly matters: delivering exceptional products. Simplify, secure, and save with Cerbos. Decoupled authZ

  • Built for Scale: Stateless and containerized architecture with horizontal scalability to handle increasing workloads seamlessly. Scaling Cerbos

  • Centralized Management: Cerbos Hub simplifies policy management, promotes collaboration, and streamlines deployment processes. Cerbos Hub

Centralized Management

  • Supported Authentication Providers: Seamless integration with any identity provider, including native JWT support for systems like Auth0 and Okta. Policy-based authorization

  • Fine-Grained Access Control: Offers robust RBAC and ABAC policies for precise resource access control. Learn more about RBAC and ABAC

  • No Vendor Lock-In: Retain full ownership of policies and deploy on any platform without constraints. No Vendor Lock-In

  • Thriving Community: Engage with an active Slack community and connect directly with Cerbos engineers for support and ideas. Join the Slack Community

PS: This is a stuff that I really appreciate. I believe that the community is the key to success. And directly connecting with the engineers is a huge plus for anyone who is using the product.

Cerbos delivers flexibility, scalability, and control, making it a powerful choice for access management.

Get Started with Cerbos, NOW!

Painless access control for your software. Here's why...

Get Started with Cerbos

Should you have any questions or need further information, please feel free to reach out to me at abdibrokhim[at]gmail[dot]com. I'm always happy to help.

Written with 💛 by Ibrohim Abdivokhidov for Cerbos.

Edit this page on GitHub

Top comments (0)

Read next

clickit_devops profile image

Unlocking Cloud-Native Potential on AWS: Let’s Talk Tools and Architectures 🌐

ClickIT - DevOps and Software Development -

dazevedo profile image

JWT in Microservices

Daniel Azevedo -

thinkthroo profile image

Node.js util module usage in Changesets

thinkThroo -

atixag profile image

The future of software architecture: focus on event-driven architecture

ATIXAG -