TOPAZ

Combining the best of OPA and Zanzibar

Topaz is an open-source, self-hosted, fine-grained access control service for modern cloud applications. It uses the Open Policy Agent (OPA) as its decision engine, and provides a built-in directory that implements the Google Zanzibar data model.

RBAC

RBAC Policy
# Allow when the directory holds a "member" relation between the user and the tenant.
allowed {
  ds.check({
    "object_type": "tenant",
    "object_key": input.resource.tenant,
    "relation": "member",
    "subject_type": "user",
    "subject_key": input.user.key,
  })
}

ABAC

ABAC Policy
# Allow only on a configured workday, and only for users in the Sales department.
allowed {
  ns := time.now_ns()
  day := time.weekday(ns)
  day == data.workdays[_]
  input.user.department == "Sales"
}

ReBAC

ReBAC Policy
# Allow when the directory resolves a "read" relation between the user and the document.
allowed {
  ds.check({
    "object_type": "document",
    "object_key": input.resource.doc,
    "relation": "read",
    "subject_type": "user",
    "subject_key": input.user.key,
  })
}
