We value your privacy

This website or its third-party tools process personal data. You can opt out of the sale of your personal information by clicking on the “Do Not Sell or Share My Personal Information” link.

Opt-out Preferences

We use third-party cookies that help us analyze how you use this website, store your preferences, and provide the content and advertisements that are relevant to you. However, you can opt out of these cookies by checking "Do Not Sell or Share My Personal Information" and clicking the "Save My Preferences" button. Once you opt out, you can opt in again at any time by unchecking "Do Not Sell or Share My Personal Information" and clicking the "Save My Preferences" button.

Do Not Sell or Share My Personal Information
Powered by Cookieyes logo

Collaborative policy playgrounds

Cerbos Hub playgrounds are fully-interactive, private development environments that provide an IDE-like experience for authoring policies. Quickly create or edit policies and test fixtures with instant feedback on syntax issues and test failures. Take advantage of the powerful collaborative editing features to pair with colleagues to develop new authorization rules or use it as a sandbox to train new team members on Cerbos policies.

Creating a playground

Login to Cerbos Hub and select one of the organizations you’re a member of. Click on the "Playgrounds" tab to view existing playgrounds or to create a new one.

When creating a new playground, you have a number of options:

  • Create an empty playground to start from scratch

  • Generate a starter RBAC policy by answering a few questions about your user roles, resources and actions

  • Start with an example template set of policies covering common use cases

  • If you have created a Cerbos Hub workspace by connecting a GitHub repository, you have the option of creating a playground populated with files from one of the git branches as well.

After creating a playground, click on the "Video tutorial" button on the top right corner of the screen to learn the basics.

Playground engine settings

The playground engine settings in the Settings tab allow you to configure the Cerbos PDP engine used when evaluating policy during development.

  • Default policy version: When a request does not explicitly specify the policy version, the Cerbos engine attempts to find a matching policy that has its version set to default. You can change this fallback value by setting the default policy version.

  • Lenient scope search: When lenient scope search is enabled, if a policy with scope a.b.c does not exist in the store, Cerbos will attempt to find scopes a.b, a and `` in that order.

  • Globals: Global variables are a way to pass environment-specific information to policy conditions. Values defined here are exposed to policy conditions via the globals object.

You can find full details of these settings in the Cerbos configuration reference.

Try the API

One of the key features of the playground is the ability to try out authorization checks against your policies without having to run a local Policy Decision Point (PDP). In the Implement tab of the sidebar, you can experiment with both the Check API and the Plan API. This section allows you to select from your test fixtures and view the request structure needed to call the PDP, as well as the expected response.

Try the API

Connect a PDP to a playground

For developers looking to test the integration of their application, Cerbos Hub offers a Playground PDP connection. This feature allows you to start up a PDP locally in your development environment and connect it to your current playground instance. Any changes you make in the playground are immediately reflected in your local PDP, enabling fast iteration and providing a real-time feedback loop for your integration efforts.

Instructions for starting up a local PDP can be found in the Implement tab under "Connect a PDP"

Connect a PDP

Note that while the Playground PDP connection is an excellent tool for rapid development and testing, it’s not intended for production use. When you’re ready to release your application to production environments, you should create a workspace connected to your policy repository and configure the PDPs to receive bundle updates via Cerbos Hub’s fully managed CI/CD pipeline. It also allows you to take advantage of Cerbos Hub audit log collection to effortlessly store and analyze all the decisions made by your PDPs.