Permify
Permify is an open-source authorization service for creating fine-grained and scalable authorization systems.
Our goal is to make Google's Zanzibar available to everyone and help engineering teams build robust, flexible, and easily auditable authorization systems.
try Permify
docker run -p 3476:3476 -p 3478:3478 ghcr.io/permify/permify serve
RBAC
RBAC Schema
entity user {}

entity organization {
    // roles
    relation admin @user
    relation member @user
    relation manager @user
    relation agent @user

    // organization files access permissions
    action view_files = admin or manager or (member not agent)
    action edit_files = admin or manager
    action delete_file = admin

    // vendor files access permissions
    action view_vendor_files = admin or manager or agent
    action edit_vendor_files = admin or agent
    action delete_vendor_file = agent
}
ABAC
ABAC Schema
entity user {}

entity organization {
    relation member @user

    attribute credit integer

    permission view = check_credit(credit) and member
}

entity repository {
    relation organization @organization

    attribute is_public boolean

    permission view = is_public
    permission edit = organization.view
    permission delete = is_weekday(request.day_of_week)
}

rule check_credit(credit integer) {
    credit > 5000
}

rule is_weekday(day_of_week string) {
    day_of_week != 'saturday' && day_of_week != 'sunday'
}
ReBAC
Relationship Based Access Control (ReBAC)
ReBAC Schema
entity user {}

entity organization {
    // organizational roles
    relation admin @user
    relation member @user
}

entity repository {
    // represents the repository's parent organization
    relation parent @organization

    // represents the owner of this repository
    relation owner @user

    // permissions
    action push = owner
    action read = owner and (parent.admin or parent.member)
    action delete = parent.admin or owner
}