&color=rgb(100%2C100%2C100)&link=https%3A%2F%2Fgithub.com%2Faserto-dev%2Ftopaz)
Add authorization to multi-tenant SaaS apps
Fine-grained permissions, pricing tiers, and sharing, ready-to-go in minutes.
Go beyond roles
Easily add resource-level permissions to any SaaS. Multi-tenant applications need more than roles in isolated environments. They need fine-grained permissions.
Identity & context-aware access
Justified access, not just access. Marry user information from your identity providers and directories with dynamic context data from your application, to ensure that only the right users can access the right resources.
Fast & scalable authorization
Authorize in a millisecond, based on fresh data. Enjoy the blazing fast authorization of a local microservice, with the scalability of a distributed system.
Seamlessly evolve your model
Evolve authorization as requirements change. Aserto natively supports RBAC, ABAC, PBAC, ReBAC, and combinations. Start with the simplest model and seamlessly evolve to more powerful ones when the time is right.
allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}allowed {
input.user.properties.dept == "Sales"
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "manager",
"object_type": "user",
"object_id": input.resource.id
})
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "can_read",
"object_type": "document",
"object_id": input.resource.id
})
}allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}allowed {
input.user.properties.dept == "Sales"
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "manager",
"object_type": "user",
"object_id": input.resource.id
})
}allowed {
ds.check({
"subject_type": "user",
"subject_id": input.user.id,
"relation": "can_read",
"object_type": "document",
"object_id": input.resource.id
})
}allowed {
ns := time.now_ns()
day := time.weekday(ns)
day == data.workdays[_]
}Easy implementation
Add authorization to your app in minutes, not months. Go, Node, Java, Python, Ruby, and ASP.NET SDKs & quickstarts are available, as well as GraphQL, gRPC, and REST APIs.
const { jwtAuthz } = require("@aserto/aserto-node")
const checkAuthz = jwtAuthz({ ... })
// ...
app.get("/protectPath/:param", checkJwt, checkAuthz,
async (req, res) => { ... }
)
Node
Go
Python
Java
.NET
Ruby
Add powerful capabilities to your apps
Secure sharing
Your users want to share resources they own with others - let them. Add resource-level secure sharing to your app in minutes.
Self-serve entitlements
Allow your enterprise customers to mix and match your permissions into their own custom roles.
Pricing & frontend changes
Add trials, feature bundles, add-ons, and custom pricing packages to your app. Customize frontend experiences with external policies, rather than feature flags or updates to code.
Full audit trails
Automatically capture every access decision made, along with all of the inputs. Easily export these audit trails to your SIEM tools, or share them with auditors as proof of compliance.
Trying to decide whether to build or buy?
Authorization is deceptively hard. Open Source projects like Topaz can help. And Aserto can help you scale and support a Topaz-based externalized authorization service for your multi-tenant SaaS application. Get the whitepaper to learn more!
Get the whitepaper!
