&color=rgb(100%2C100%2C100)&link=https%3A%2F%2Fgithub.com%2Faserto-dev%2Ftopaz)
The fastest-path to fine-grained access control for apps of any scale
We make it easy for developers to secure access to their cloud apps.
Evolve your authorization model to support the principle of least privilege with fine-grained access
Make authorization decisions based on your users, groups, domain model, resource hierarchy, and relationships between all of these.
allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}allowed {
input.user.properties.dept == "Sales"
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "manager",
"object_type": "user",
"object_id": input.resource.id
})
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "can_read",
"object_type": "document",
"object_id": input.resource.id
})
}allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}allowed {
input.user.properties.dept == "Sales"
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "manager",
"object_type": "user",
"object_id": input.resource.id
})
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "can_read",
"object_type": "document",
"object_id": input.resource.id
})
}allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}Enforce locally using real-time data
Make authorization decisions locally using real-time data in milliseconds and with 100% availability.
Manage policies in one place
Define and manage policies across your application/s from one central location.
Focus on what matters
Spend more time shipping core features and less time building access control.
Decouple policy from code
Allow policy and code to evolve independently, streamlining the interaction between security and engineering.
Create a secure software supply chain for your policies
Store and version your policy code in a git repo, just like any other code. Build, tag, and sign your policies into immutable images, just like any other application artifact.
Works with what you have
Native support for popular identity providers, artifact registries, logging systems, and source code repositories make integration a breeze.
Easy to integrate
Get up and running quickly using our Quickstarts, gRPC / REST / graphQL APIS, or our SDKs for popular languages and frameworks, including Node.js, Golang, Python, .Net, Ruby, and React.
const { jwtAuthz } = require("@aserto/aserto-node")
const checkAuthz = jwtAuthz({ ... })
// ...
app.get("/protectPath/:param", checkJwt, checkAuthz,
async (req, res) => { ... }
)
Node
Go
Python
Java
.NET
Ruby
No lock-in
Built upon an open, cloud-native foundation, which includes Topaz, Open Policy Agent (OPA), Policy CLI, and many of the ideas in the Google Zanzibar system.
