Your app permissions, centralized and hosted in France
A policy-based authorization engine powered by Cerbos, installed and maintained by DINAO. Define "who can do what" in YAML — your access decisions stay on our French servers.
What is Cerbos?
Cerbos is an open-source authorization platform that enables contextual access control based on declarative rules. It operates as a Policy Decision Point (PDP) : a separate service that evaluates permissions and renders access decisions for your applications.
The model revolves around four elements: principals (users or services), actions (create, delete, etc.), resources (protected objects), and policies (YAML files describing the rules). You define your rules in YAML, versioned in Git, and Cerbos evaluates them at runtime.
It offers two key APIs: CheckResources ("can this user access this?") and PlanResources ("what resources does this user have access to?"). It supports the transition from RBAC to ABAC with dynamic derived roles, and provides SDKs for Go, Java, JavaScript, .NET, PHP, Python, Ruby, and Rust. The focus is on simplicity, scalability, and language independence.
Host Cerbos at DINAO
Resource tiers compatible with Cerbos prerequisites (minimum 1 vCPU / 256 Mo / 2 Go). Hosted in France, fully managed.
- 1 dedicated vCPU
- 2 Go RAM
- 20 GB NVMe
- Daily backups
- Managed & monitored by DINAO
- 2 dedicated vCPU
- 4 Go RAM
- 40 GB NVMe
- Daily backups
- Managed & monitored by DINAO
- 4 dedicated vCPU
- 8 Go RAM
- 80 GB NVMe
- Daily backups
- Managed & monitored by DINAO
- 8 dedicated vCPU
- 16 Go RAM
- 160 GB NVMe
- Daily backups
- Managed & monitored by DINAO
Technical details
You might be wondering…
What is the purpose of a separate authorization engine?
Cerbos removes the "who can do what" logic from each application to centralize it in a dedicated service (a Policy Decision Point). Your rules are no longer duplicated or scattered : they are written once in YAML and queried via API.
What is the difference between RBAC and ABAC?
RBAC authorizes based on roles ("admin", "editor"). ABAC goes further by relying on attributes and context (resource owner, region, status, etc.). Cerbos supports both, with dynamic derived roles.
Does Cerbos work with any language?
Yes. Cerbos is an independent service queried via API, with SDKs for Go, Java, JavaScript, .NET, PHP, Python, Ruby, and Rust. Your applications ask an authorization question and receive a decision.
Do my access decisions leave the server?
No. The engine runs on your instance hosted in France by DINAO. Your policies and authorization decisions remain under your control.
Are technical skills required?
Writing policies is the responsibility of your technical teams, but managing the instance (installation, security, updates, availability) is fully handled by DINAO.