← Back to catalog Cerbos · managed by DINAO

Your app permissions, centralized and hosted in France

A policy-based authorization engine powered by Cerbos, installed and maintained by DINAO. Define "who can do what" in YAML — your access decisions stay on our French servers.

Hosted in FranceYAML PoliciesRBAC & ABACGDPR CompliantOfficial publisher image
Overview

What is Cerbos?

Cerbos is an open-source authorization platform that enables contextual access control based on declarative rules. It operates as a Policy Decision Point (PDP) : a separate service that evaluates permissions and renders access decisions for your applications.

The model revolves around four elements: principals (users or services), actions (create, delete, etc.), resources (protected objects), and policies (YAML files describing the rules). You define your rules in YAML, versioned in Git, and Cerbos evaluates them at runtime.

It offers two key APIs: CheckResources ("can this user access this?") and PlanResources ("what resources does this user have access to?"). It supports the transition from RBAC to ABAC with dynamic derived roles, and provides SDKs for Go, Java, JavaScript, .NET, PHP, Python, Ruby, and Rust. The focus is on simplicity, scalability, and language independence.

Compatible offers

Host Cerbos at DINAO

Resource tiers compatible with Cerbos prerequisites (minimum 1 vCPU / 256 Mo / 2 Go). Hosted in France, fully managed.

Standard
2 vCPU · 4 Go · 40 Go
19,90 € /month excl. VAT
  • 2 dedicated vCPU
  • 4 Go RAM
  • 40 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Performance
4 vCPU · 8 Go · 80 Go
39,90 € /month excl. VAT
  • 4 dedicated vCPU
  • 8 Go RAM
  • 80 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Dédié
8 vCPU · 16 Go · 160 Go
79,90 € /month excl. VAT
  • 8 dedicated vCPU
  • 16 Go RAM
  • 160 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Under the hood

Technical details

vCPU
1 vCPU
ideal : 1 vCPU
Memory
256 Mo
ideal : 512 Mo
Disk
2 Go
ideal : 5 Go
Image : ghcr.io/cerbos/cerbos:latest Registry : ghcr.io Services : cerbos Ports : 3592, 3593
FAQ

You might be wondering…

What is the purpose of a separate authorization engine?

Cerbos removes the "who can do what" logic from each application to centralize it in a dedicated service (a Policy Decision Point). Your rules are no longer duplicated or scattered : they are written once in YAML and queried via API.

What is the difference between RBAC and ABAC?

RBAC authorizes based on roles ("admin", "editor"). ABAC goes further by relying on attributes and context (resource owner, region, status, etc.). Cerbos supports both, with dynamic derived roles.

Does Cerbos work with any language?

Yes. Cerbos is an independent service queried via API, with SDKs for Go, Java, JavaScript, .NET, PHP, Python, Ruby, and Rust. Your applications ask an authorization question and receive a decision.

Do my access decisions leave the server?

No. The engine runs on your instance hosted in France by DINAO. Your policies and authorization decisions remain under your control.

Are technical skills required?

Writing policies is the responsibility of your technical teams, but managing the instance (installation, security, updates, availability) is fully handled by DINAO.