Loved by leading developers:
Moving to modern authorization for microservices is no easy feat, but OPAL made it easy. When I was learning and exploring replicator solutions for OPA myself in my free time, I found that OPAL is a very mature solution for the open-policy administration layer and beyond. Their community support is on another level, responding quickly to any question.
Hongbo Miao, Senior Software Engineer, Ex-Microsoft, Tesla
I have had the pleasure to deep dive with the Permit.io team and discuss our PoC. I was impressed with the team's knowledge of multiple Auth solutions. They explained various options with their pros and cons. Very smart and capable team.
Pawel Englert, Tech Lead, Beekeeper.io
Building authorization for Buzzer’s call-rep on-demand service was a challenging task, but with Permit.io we were able to get it up and running end-to-end in just a few days.
We now have 3 engineers who built services on top of Permit.io - all of which constantly keep telling me how happy they are with the solution, and how easy it was to use. We’ve probably already saved months of work thanks to the platform.
Matan Bakshi, Founder & CTO, Buzzer.ai
At Granulate we optimize our customers’ most critical systems; as a result, getting access control right is of the highest importance. Full stack permissions as a service allow our developers to focus on their core product, knowing that access control will work well both for our teams and the end customer. I was extremely impressed both by Permit.io’s technology and its dedication to customer service.
Tal Saiag, Founder & CTO, Granulate.io
At Epsagon (acquired by Cisco) we are no strangers to the complexity of microservices.
Access control demands of microservices are never-ending, so they require a modern stack that can quickly adapt to the most demanding tech and security needs. Permit.io provided us with a secure end-to-end authorization solution that saved us months of engineering work.
Ran Ribenzaft , Epsagon CTO, Cisco
When we build applications, secure access is at the forefront of our minds.
Application authorization is a huge pain point for companies, as one of the largest and most rapidly expanding attack surfaces. I was excited to discover Permit.io, which, to date, provides the most advanced authorization solution, based on open-source standards and supporting multiple policy models.
Barak Schoster Goihman, Senior Director, Palo-Alto Networks
Been using Permit with our project- It's exactly what I wanted. ... It's a small integration, using only granular authorizations. Great job! Be sure I'll keep following the project as it goes on, and keep using it!
Hugo Beaujour, Backend Engineer , Medicalib
Our system is built on dozens of roles and actions that allow full flexibility and serve each of our customers, agents, and partners, as well as our own teams, with the right actions. Permit allows us to maintain the complexity and fine tuning with minimal effort on the code and easy configuration. The team at Permit is fantastic, real experts, with endless willingness to help. I was amazed by their openness to feedback and how quickly they evolved their product from very good to excellent.
Nimrod Sadot, Co-founder and CTO, Honeycomb Insurance
ABAC with Low Code
Powerful Attribute Based Access Control made simple
- Scale seamlessly from RBAC to ABAC as your permissions needs grow
- Save significant time and complexity versus building and maintaining yourself
- Simplify for your non technical stakeholders with no code interfaces available out of the box
- Gain flexibility beyond what is possible with RBAC with very little effort Address all of the different use cases for your customers with comprehensive controls
- Learn all about Attribute Based Access Control at permit.io/abac
Policy Editor Interface
Makes granting permissions as easy as checking a box
- Manage and edit your policies with in seconds instead of days
- Work with a simple UI, API, or directly with rego code.
- Enable multi-tenancy, RBAC, ABAC , ReBAC, and more with a single streamlined interface.
- Provide low-code/no-code interfaces for non-technical users.
- Ensure future requirements are met with policy as code.
- Get Git Ops support out-of-the-box
Manage Users According to Your Needs
A no-code interface for simple user management
- Create an organization hierarchy as you see fit
- Use groups to control access
- Assign roles and permissions easily
- Integrate to your email provider and send automated invites
Audit Application Policies and Decisions
Ensure your policies are protecting you and your operations.
- Get a full audit of every authorization decision
- Monitor the decisions your authorization policies made
- Track whether authorization was permitted or denied, to who and why
- Optimize policies to increase security confidence
Performance You Can Build On
Permit.io lets you build and scale with zero network latency.
- Avg. 1 ms per query (OPA-based)
- Milliseconds for policy and data event update propagation (OPAL-based)
- Maintain system performance thanks to our hybrid model with a local sidecar
Decouple Policy from Code
Checking permissions is as easy as permit.check(). Integrate in your code, middelware, mesh, or API gateway- with ease.
if (await permit.check(user, "close", `doc:${doc.id}`)) {
// allowed to close issue
}// Gather all the needed objects for the permission check
// Complete user object from DB (based on session object, only 3 DB queries...)
const user = new User(session);
const doc = new Document(undefined, undefined, session.url);
// The 'fancy' home-brewed auth-z layer (Someone wrote 3 years ago)
AllowedDocType allowedDocTypes = new AllowedDocType(user.role);
// Query Stripe for live data (hope it's not too slow)
const isPaying = (await stripeWrapper.get_billing_status(user.email)) == STRIPE_PAYING;
if (user.role == ADMIN ||
( user.geo == "US" &&
allowedDocTypes.includes(doc.type) &&
isPaying &&
user.role == EDITOR || user.role == VIEWER)){
// allow access
}if (await permit.check(user, "close", `doc:${doc.id}`)) {
// allowed to close issue
}permitted = await permit.check(user, "close", f"issue:{issue.id}")
if permitted:
# allowed to close issue# Gather all the needed objects for the permission check
# Complete user object from DB (based on session object, only 3 DB queries...)
user = User(session=session)
doc = Document(url=session.url)
# The 'fancy' home-brewed auth-z layer (Someone wrote 3 years ago)
allowed_doc_types = get_allowed_doc_types(user.role)
# Query Stripe for live data (hope it's not too slow)
is_paying = (await stripe_wrapper.get_billing_status(user.email)) == STRIPE_PAYING
if user.role == UserRole.ADMIN or
(user.geo == "US" and
doc.type in allowed_doc_types and
is_paying and
user.role == UserRole.EDITOR or user.role == UserRole.VIEWER):
# allow accesspermitted = await permit.check(user, "close", f"issue:{issue.id}")
if permitted:
# allowed to close issueboolean permitted = permit.check( user, "create", Resource.fromString("document") );
if (permitted) {
// allow access
}// Gather all the needed objects for the permission check
// Complete user object from DB (based on session object, only 3 DB queries...)
User user = new User.Builder.fromSession(session);
Document doc = new Document.Builder().fromUrl(session.url);
// The 'fancy' home-brewed auth-z layer (Someone wrote 3 years ago)
AllowedDocType allowedDocTypes = new AllowedDocType(user.role);
// Query Stripe for live data (hope it's not too slow)
boolean isPaying = stripeWrapper.get_billing_status(user.email) == STRIPE_PAYING;
if (user.role == ADMIN ||
( user.geo == "US" &&
allowedDocTypes.includes(doc.type) &&
isPaying &&
user.role == EDITOR || user.role == VIEWER)){
// allow access
}
boolean permitted = permit.check( user, "create", Resource.fromString("document") );
if (permitted) {
// allow access
}bool permitted = await permit.Check(user.key, "create", "document");
if (permitted)
{
Console.Write("User is PERMITTED to create a document");
}// Gather all the needed objects for the permission check
// Complete user object from DB (based on session object, only 3 DB queries...)
User user = new User.Builder.fromSession(session);
Document doc = new Document.Builder().fromUrl(session.url);
// The 'fancy' home-brewed auth-z layer (Someone wrote 3 years ago)
AllowedDocType allowedDocTypes = new AllowedDocType(user.role);
// Query Stripe for live data (hope it's not too slow)
bool isPaying = (await stripeWrapper.get_billing_status(user.email)) == STRIPE_PAYING;
if (user.role == ADMIN ||
( user.geo == "US" &&
allowedDocTypes.includes(doc.type) &&
isPaying &&
user.role == EDITOR || user.role == VIEWER))
{
Console.Write("User is PERMITTED to create a document");
}
bool permitted = await permit.Check(user.key, "create", "document");
if (permitted)
{
Console.Write("User is PERMITTED to create a document");
}Slide to see your code before and after Permit.io
Leverage the Power of Open Source
Connect Seamlessly to Your Authentication
Bake-in authorization in minutes. Simply plug-in on top of your existing AuthN solution (e.g. Auth0, Cognito).
Join the Conversation
Ready to transform your authorization?
Start using Permit.io and get your permissions and access management set up in minutes.
