Authorization (AuthZ) is what determines whether an actor can perform a certain action on a particular resource, often via roles. For example, a budgeting application can read a person’s bank balance, but not perform transactions.

Fine-Grained Authorization (FGA) takes this a step further and addresses more granular, atomic authorization challenges that are often dynamic in nature, such as being able to access individual folders, files, or capabilities within a system based on actor attributes and their relationship to the resource.

In our Auth0 Lab experiment, codenamed Sandcastle, we explored the feasibility and viability of a large scale FGA solution as a service using relationship based access control (ReBAC) based on Google Zanzibar.

Sandcastle has graduated from the Lab and is now an "Authorization as a service" product: Okta FGA, currently in early access. Okta FGA enables user collaboration and granular access control in your applications using developer-friendly APIs.

Additionally, an OSS project called OpenFGA was published and accepted into CNCF. OpenFGA is a high performance and flexible authorization system built for developers and inspired by Google Zanzibar.

What are your thoughts? We invite you to join our conversations in Discord, and follow us on Twitter and LinkedIn.