We value your privacy

This website or its third-party tools process personal data. You can opt out of the sale of your personal information by clicking on the “Do Not Sell or Share My Personal Information” link.

Opt-out Preferences

We use third-party cookies that help us analyze how you use this website, store your preferences, and provide the content and advertisements that are relevant to you. However, you can opt out of these cookies by checking "Do Not Sell or Share My Personal Information" and clicking the "Save My Preferences" button. Once you opt out, you can opt in again at any time by unchecking "Do Not Sell or Share My Personal Information" and clicking the "Save My Preferences" button.

Do Not Sell or Share My Personal Information
Powered by Cookieyes logo

Policy Decision Points

Cerbos Hub supports two types of policy decision points for making authorization decisions.

Service

The open source Cerbos server running as a service or sidecar within your infrastructure and connected to Cerbos Hub to automatically receive bundle updates. This is the most suitable option for majority of authorization requirements and has benefits such as query planner, full audit logging, centralised management and horizontal scalability.

Embedded

A self-contained snapshot of a policy set that can be embedded into any WebAssembly framework. Suitable for use cases where authorization decisions cannot be made over the network due to deployment constraints.

Table 1. Decision point feature matrix
Service Embedded

Check permissions

Evaluate whether a given principal, can perform a given action on resource.

Yes

Yes

Query plan

Perform a partial evaluation of policy to return a the conditions to apply to a query to return just the instances of a resource a principal has access to.

Yes

No

Audit logs

Audit logs capture access records and decisions made by the engine along with the associated context data.

Yes

No