Cerbos
Talk to an engineer
Cerbos PDP
Documentation Code Issue Tracker Discussion Forum
Cerbos Hub
Sign up Documentation
Cerbos Synapse
About Documentation
Support
Community Slack Discussion Forum Email (help@cerbos.dev)
Cerbos website

Cerbos

  • Getting started
    • What is Cerbos?
    • Quickstart
    • Tutorial
      • Intro
      • Running locally
      • Resource definition
      • Calling Cerbos
      • Testing policies
      • Adding conditions
      • Derived roles
      • Principal policies
      • Attribute schema
      • Integrating Cerbos
    • Installation
      • Binaries
      • Container
      • Helm chart
  • Cerbos API
    • Using the API
    • Admin API
  • Policies
    • How Cerbos evaluates requests
    • Policy authoring
    • Derived roles
    • Resource policies
    • Principal policies
    • Role policies
    • Scoped policies
    • Scope permissions
    • Conditions
    • Variables and constants
    • Outputs
    • Schemas
    • Validating and testing
    • Best practices
    • Debugging authorization decisions
    • Agent skill
  • Configuration
    • Audit
    • AuxData
    • Engine
    • Observability (metrics and traces)
    • Schema
    • Server
    • Storage
    • Telemetry
  • Deployment patterns
    • Cloud platforms
    • Kubernetes service
    • Kubernetes sidecar
    • Kubernetes daemonset
    • Serverless/FaaS environments
    • Systemd service
  • CLI
    • cerbos
    • cerbosctl
  • Recipes
    • Example apps
      • Photo-share application
      • Demo of securing a REST API with Cerbos
      • Modelling a multi-tenant SaaS with Cerbos
      • Admin API demo with Go and React
    • Authentication integration
      • Auth0
      • FusionAuth
      • JWT
      • Magic
      • Okta
      • AWS Cognito
    • Query plan adapters
      • Overview
      • Prisma
      • Drizzle
      • Mongoose
      • Convex
      • LangChain / ChromaDB
      • SQLAlchemy
    • Checking permissions in your UI
    • Filtering resources by permission
    • Field-level and column-level security
    • Modeling hierarchies and multi-tenancy
    • Working with JWT claims in policies
    • AI integration
      • RAG authorization
  • Release Notes
    • v0.52.0
    • v0.51.0
    • v0.50.0
    • Archives
      • v0.49.0
      • v0.48.0
      • v0.47.0
      • v0.46.0
      • v0.45.1
      • v0.45.0
      • v0.44.0
      • v0.43.0
      • v0.42.0
      • v0.41.0
      • v0.40.0
      • v0.39.0
      • v0.38.1
      • v0.37.0
      • v0.36.0
      • v0.35.1
      • v0.34.0
      • v0.33.0
      • v0.32.0
      • v0.31.0
      • v0.30.0
      • v0.29.0
      • v0.28.0
      • v0.27.0
      • v0.26.0
      • v0.25.0
      • v0.24.0
      • v0.23.1
      • v0.23.0
      • v0.22.0
      • v0.21.0
      • v0.20.0
      • v0.19.1
      • v0.19.0
      • v0.18.0
      • v0.17.0
      • v0.16.0
      • v0.15.1
      • v0.15.0
      • v0.14.0
      • v0.13.0
      • v0.12.0
      • v0.11.0
      • v0.10.0
      • v0.9.1
      • v0.9.0
      • v0.8.0
      • v0.7.0
      • v0.6.0
      • v0.5.0
  • Glossary
    • Glossary of Cerbos terms
  • Engineering
    • Why Cerbos runs as a separate process
Cerbos 0.52.0
  • Cerbos
    • 0.53.0-prerelease
    • 0.52.0
    • 0.51.0
    • 0.50.0
    • 0.49.0
    • 0.48.0
    • 0.47.0
    • 0.46.0
    • 0.45.1
    • 0.44.0
    • 0.43.0
    • 0.42.0
    • 0.41.0
    • 0.40.0
    • 0.39.0
    • 0.38.1
    • 0.37.0
    • 0.36.0
    • 0.35.1
    • 0.34.0
    • 0.33.0
    • 0.32.0
  • Cerbos Hub
  • Cerbos Synapse
    • ~
  • Cerbos
  • Engineering
0.53.0-prerelease 0.52.0 0.51.0 0.50.0 0.49.0 0.48.0 0.47.0 0.46.0 0.45.1 0.44.0 0.43.0 0.42.0 0.41.0 0.40.0 0.39.0 0.38.1 0.37.0 0.36.0 0.35.1 0.34.0 0.33.0 0.32.0
Edit this Page

Why we built Cerbos this way

Welcome! The purpose of this section is to give some insight into how decisions were made when designing and building Cerbos, for the more curious of our users.

  • Why Cerbos runs as a separate process

Glossary Why Cerbos runs as a separate process
Cerbos   Copyright (C) 2020-2026 Zenauth Ltd.