Cerbos Hub Insights: are your authorization decisions readable now?

TL;DR: Teams can see denies, active principals, and busy resource-action pairs instead of reading individual log lines as Cerbos Hub Insights adds aggregated charts and rankings on top of Cerbos PDP audit decisions, according to Cerbos. The real change is not visibility alone but the ability to spot authorization drift before it turns into production friction.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should security teams use authorization analytics in production?

A: Security teams should use authorization analytics to spot drift, concentration, and malformed request patterns before they become user-facing incidents.

Q: Why do authorization logs alone fail to show governance risk?

A: Authorization logs show individual decisions, but governance risk emerges from patterns across many decisions.

Q: What signals show that authorization policies are drifting?

A: Look for rising denies after policy changes, a sharp drop or spike in active principals, and unusual concentration in a few resource-action pairs.

Practitioner guidance

• Track denials as a production signal Review hourly and daily deny trends alongside recent policy changes, application releases, and resource renames so you can separate expected tightening from accidental breakage.
• Rank the principals that drive most traffic Use active principal rankings to identify whether one service, client, or integration is carrying too much authorization load and deserves closer governance review.
• Validate resource-action pair concentration Inspect the most common resource and action combinations to see whether access patterns are healthy or whether a narrow set of operations is masking over-reliance on a few paths.

What's in the full announcement

Cerbos's full documentation covers the operational detail this post intentionally leaves for the source:

• Step-by-step walkthrough of how the Insights page is populated from PDP decision data.
• Exact filtering behaviour that links charts back into the underlying audit log.
• Workspace role requirements for viewing audit logs and Insights content.
• The available chart views for hourly and daily decision trends across the last seven and thirty days.

👉 Read Cerbos's documentation on Hub Insights for authorization decision analytics →

Cerbos Hub Insights: are your authorization decisions readable now?

Explore further

View Full Forum →  |  NHI Foundation Course →