Unlocking Efficient AuthZ With Cerbos’ Query Plan

By centralizing fine-grained access control, developers can now decouple authorization (AuthZ) from their primary business logic. Cerbos embodies this approach and delivers uniform security protocols across different services and APIs. 

Although Cerbos efficiently handles the majority of access control decisions for standard application requirements, challenges arise when constructing a list of only those resources the current principal can access. While Cerbos APIs can manage batch requests, filtering a vast number of records this way becomes inefficient. This is especially true when a large dataset is extracted from the source and most of it is discarded after filtering.
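The alternative the title refers to is to ask for a query plan and push its condition into the data store, so that only permitted rows are ever fetched. The following is an added example, not code from the original post or from Cerbos: it assumes the filter shape returned by the Cerbos PlanResources API (`kind`, `condition`, `expression`, `operator`, `operands`); the sample plan, the `docs` table and the column mapping are constructed for illustration.

```python
import sqlite3

# Constructed sample in the shape of a PlanResources filter: owner == "alice" OR public == true
PLAN = {"kind": "KIND_CONDITIONAL", "condition": {"expression": {
    "operator": "or", "operands": [
        {"expression": {"operator": "eq", "operands": [
            {"variable": "request.resource.attr.owner"}, {"value": "alice"}]}},
        {"expression": {"operator": "eq", "operands": [
            {"variable": "request.resource.attr.public"}, {"value": True}]}}]}}}

# Allowlist of policy attributes -> column names (hypothetical schema).
COLUMNS = {"request.resource.attr.owner": "owner",
           "request.resource.attr.public": "public"}
COMPARE = {"eq": "=", "ne": "<>", "lt": "<", "gt": ">"}

def to_sql(node, params):
    """Translate one plan operand into SQL; values are bound, never inlined."""
    if "variable" in node:
        return COLUMNS[node["variable"]]  # unknown attribute -> KeyError (fail closed)
    if "value" in node:
        params.append(node["value"])
        return "?"
    expr = node["expression"]
    op, parts = expr["operator"], [to_sql(o, params) for o in expr["operands"]]
    if op in ("and", "or") and parts:
        return "(" + f" {op.upper()} ".join(parts) + ")"
    if op == "not" and len(parts) == 1:
        return f"(NOT {parts[0]})"
    if op in COMPARE and len(parts) == 2:
        return f"({parts[0]} {COMPARE[op]} {parts[1]})"
    raise ValueError(f"unsupported operator: {op}")  # never guess at semantics

def plan_to_where(plan):
    """Return (where_clause, params) for a plan filter."""
    if plan["kind"] == "KIND_ALWAYS_ALLOWED":
        return "1=1", []
    if plan["kind"] == "KIND_ALWAYS_DENIED":
        return "1=0", []
    if plan["kind"] != "KIND_CONDITIONAL":
        raise ValueError("unknown filter kind")
    params = []
    return to_sql(plan["condition"], params), params

def visible_ids(plan, rows):
    """Load constructed rows into an in-memory table and select only permitted ids."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE docs (id INTEGER, owner TEXT, public INTEGER)")
    db.executemany("INSERT INTO docs VALUES (?, ?, ?)", rows)
    where, params = plan_to_where(plan)  # built only from allowlisted names and "?"
    return [r[0] for r in db.execute(f"SELECT id FROM docs WHERE {where} ORDER BY id", params)]
```

The translator rejects any attribute or operator it does not recognize, so a policy change the application has not been taught to translate produces an error rather than an over-broad result set.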