early accessFine-Grained Authorization
Fine-Grained Authorization at Scale
Hypothesis
Authorization built to scale. Enable user collaboration and granular access control in your applications using developer-friendly APIs.
Updates
Authorization (AuthZ) is what determines whether an actor can perform a certain action on a particular resource, often via roles. For example, a budgeting application can read a person’s bank balance, but not perform transactions.
Fine-Grained Authorization (FGA) takes this a step further and addresses more granular, atomic authorization challenges that are often dynamic in nature, such as being able to access individual folders, files, or capabilities within a system based on actor attributes and their relationship to the resource.
In our Auth0 Lab experiment, codenamed Sandcastle, we explored the feasibility and viability of an FGA solution based on Google Zanzibar that affords fine-grained access to resources based on relationships (ReBAC).
Companies looking to implement FGA can use Sandcastle, now promoted to a formal product initiative named OpenFGA, to minimize time to value and building costs because OpenFGA offers fine grained authorization at scale as a service.
Resources
Zanzibar Academy
Zanzibar handles authorization for YouTube, Drive, Google Cloud and all of Google's other products
Fine-Grained Authorization Authorization Playground
This interactive playground allows you to learn about Auth0 FGA, an Auth0 initiative to solve fine-grained authorization at...
Fine-Grained Authorization Feature
Enable user collaboration and granular access control in your applications using developer-friendly APIs
OpenFGA
A flexible Fine-Grained Authorization system inspired by Google's Zanzibar, designed for reliability and low latency at scale.