&color=rgb(100%2C100%2C100)&link=https%3A%2F%2Fgithub.com%2Faserto-dev%2Ftopaz)
Easily support the demands of enterprise customers
Custom roles, management hierarchies, inherited permission, departments & teams, live in minutes.
Enterprise-grade authorization
Support the most complex demands. Easily authorize based on organization structure, departments, teams, projects, environmental attributes, and more.
allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}allowed {
input.user.properties.dept == "Sales"
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "manager",
"object_type": "user",
"object_id": input.resource.id
})
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "can_read",
"object_type": "document",
"object_id": input.resource.id
})
}allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}allowed {
input.user.properties.dept == "Sales"
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "manager",
"object_type": "user",
"object_id": input.resource.id
})
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "can_read",
"object_type": "document",
"object_id": input.resource.id
})
}allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}Organizational-aware access controls
Aserto natively supports management relationships. Easily add the ability for managers to access the digital assets their reports have created.
Multi-tenant authorization
Support multi-tenant/account scenarios with ease. Some organizations might want to have different teams or environments in different tenants. Allow users to have permissions across all, or a set of tenants.
Self-serve custom roles
Every enterprise is different. Let your customers build their own roles and permissions to fit their requirements and organizational structure.
Simplify compliance and audits
Full audit trails. Automatically capture detailed logs for every decision made, along with all the inputs and reasoning. These audit trails can be used for anomaly detection and proof of compliance.
Add powerful capabilities to your apps
Just-in-time access
Turn access on or off. Support internal teams; provide a support agent with access to customer records once assigned to that customer, and revoke it when that is no longer the case.
Custom editions
Mix and match features and support custom product packaging. Restrict the features and capabilities that are available to your end-users without deploying the app.
Externalized authorization policies
Decouple authorization logic from code, so that it can evolve without redeploying the application. Externalized policies can also be treated like code, version controlled, tested, and signed.
Application security best practices
Zero trust and least privilege by nature. Aserto helps you implement best in class security standards with a fine-grained, real-time access control system that defaults to deny.
Trying to decide whether to build or buy?
Authorization is deceptively hard. Open Source projects like Topaz can help. And Aserto can help you scale and support an externalized authorization service for your multi-tenant SaaS application. Get the whitepaper to learn more!
Get the whitepaper!
