FusionAuth offers role-based access control (RBAC) as part of its authentication system, allowing users to be tagged with one or more roles that are interpreted by applications to determine allowed actions. However, this model may not be granular enough for complex authorization decisions, which can be offloaded to an authorization server like Cerbos, centralizing decision-making and reducing complexity in application code. Cerbos adds a layer of permissions on top of roles provided by FusionAuth, allowing for consistent and intelligent authorization decisions across the entire application stack. The use of Cerbos enables the encapsulation of complex business logic in one place, leaving application logic to focus on delivering features rather than handling access control.