early access
Fine-Grained Authorization

Fine-Grained Authorization at Scale


Authorization built to scale. Enable user collaboration and granular access control in your applications using developer-friendly APIs.


Authorization (AuthZ) is what determines whether an actor can perform a certain action on a particular resource, often via roles. For example, a budgeting application can read a person’s bank balance, but not perform transactions.

Fine-Grained Authorization (FGA) takes this a step further and addresses more granular, atomic authorization challenges that are often dynamic in nature, such as being able to access individual folders, files, or capabilities within a system based on actor attributes and their relationship to the resource.

[1] Learn more at fga.dev.

In our Auth0 Lab experiment, codenamed Sandcastle, we explored the feasibility and viability of an FGA solution based on Google Zanzibar that affords fine-grained access to resources based on relationships (ReBAC).

[2] Read the Google Zanzibar paper.

Companies looking to implement FGA can use Sandcastle, now promoted to a formal product initiative named OpenFGA, to minimize time to value and building costs because OpenFGA offers fine grained authorization at scale as a service.

[3] Learn more at OpenFGA.dev.

What are your thoughts? We invite you to join our conversations in Discord, and follow us on Twitter and LinkedIn.