Since our last update, we have released v0.44.0 and v0.45.0 of Cerbos PDP, introducing multi-action query plans and smarter role prioritization.

We also published several new resources to help teams strengthen their authorization strategy. These include a demo on using Cerbos in Vue.js, a walkthrough on implementing hierarchy-based permissions in Cerbos, a guide on fine-grained permissions in MCP servers, and a comparison of pre- vs. post-filtering for authorization.

Beyond that, we have tackled broader architectural themes. Our latest content dives into the patterns of failure in modern authorization and how to avoid them, as well as strategies for managing failure scenarios in microservice architectures, with both technical and business considerations. We also looked at why machine identity protection is a smart investment, and what sets great software architects apart.

Capping off a packed month, we’ve launched a new ebook 📘“How to adopt externalized authorization”!

It’s a 10-chapter guide built from our experience helping hundreds of teams, from startups to enterprises, successfully navigate the transition to externalized authorization.

Give it a read, and let us know what you think.

Product Updates

Cerbos PDP

Versions v0.44.0 and v0.45.0 of Cerbos PDP bring a powerful new capability to the PlanResources API and continue our work on improving the core engine.

A common pattern we see is checking a user's permissions for multiple actions on a resource to render a user interface correctly. Previously, this required either multiple PlanResources calls or complex client-side logic to merge the results. With v0.44.0, the PlanResources API now supports checking multiple actions in a single request.

The v0.45.0 release adds more rigour around policy updates, and the query planner improves handling of role policies that grant access, ensuring the generated plan is not unnecessarily constrained by lower-privileged roles.

We’ve also introduced a policy naming restriction to prevent ambiguity and improve readability, updated storage.<driver>.connRetry.maxAttempts to represent the total number of connection attempts, including the initial one, and worked on several under-the-hood improvements.

You can find the full release notes here: v0.44.0 & v0.45.0 

Cerbos PDP is open source, check out our GitHub

Helpful Content

Ebook: How to adopt externalized authorization

Over the years, we’ve worked with hundreds of engineering, IAM, and security teams to help them adopt externalized authorization. 

This experience shaped our ebook. It gives readers a 10-step roadmap, from foundational planning to AuthZ phased rollout and long-term governance, to navigate this transformation. It’s packed with practical frameworks and policy examples.

If your team is exploring this path - we hope it gives you clarity, and saves you time.

Upcoming Events

Visit our booth at:

• WeAreDevelopers World Congress, Berlin, Germany, July 9-11. Booth 2_02. Stop by to chat about the future of authorization, and participate in our Lego chess set raffle!

Meet our team members and check out their talks to get valuable insights:

• Alex Olivier, CPO and Co-Founder, will be attending the DevOps Exchange meetup in London, July 24. Feel free to say hi and ask any questions you may have about authorization and ZTA.
• Daniel Maher, Sr DevRel Manager, speaking at DevOpsDays Rio de Janeiro, August 16. Stop by to listen to his talk “Code is not enough: Grow your career without leaving your terminal"!