ReBAC Rego example

[mbortolazzo]

Hi,

I wonder if we can use GitOps with ReBAC and if we can have an example.

Cheers

[orweis]

For other viewers this is a question more about Permit.io than OPAL but the shared Rego code can be used in both.

Hi @mbortolazzo - yes of course.
Check out this demo - docs.permit.io/modeling/rebac-GHC, it uses the custom folder created in Gitops to load this custom Rego which imports the generated Rego code, and adds an ABAC policy on top to enforce time based access boundries.

[mbortolazzo]

Hi @orweis, that's how it looks. I mean, here is an example of what it looks like. I am trying to understand if we can replace our custom CLI and YML files with Rego

[orweis]

Hi @orweis, that's how it looks. I mean, here is an example of what it looks like. I am trying to understand if we can replace our custom CLI and YML files with Rego

I think there's maybe a missing attachment here ?

[mbortolazzo]

No, my English was just missing. What I was trying to say is that the link shows how to enable GitOps. What I am interested in is how a ReBAC project looks in Rego. As we need to chose if to use Rego or set up our system with a custom CLI and HTTP call to Permit.io

[gemanor]

We have here an example of a custom policy that includes the generated ReBAC policy - https://github.com/permitio/ghc-demo-policy
You can read more on the modeling of this repository here - https://www.permit.io/blog/building-healthcare-authorization-nextjs and here - https://docs.permit.io/modeling/rebac-GHC