Scalable RBAC for multitenant SaaS applications
Quickly create real-time role-based access management for your multi-tenant SaaS application.
![Role-based access control for multi-tenant SaaS products](https://cdn.sanity.io/images/4gqsq44z/production/95c65577c9396dd46118a070802ea6fc2a74eb52-600x600.png)
Multi-tenant role-based access control
Role-Based Access Control (RBAC) describes the practice of aggregating discrete application permissions into a small set of roles, and assigning those roles to users or groups. Multi-tenant SaaS applications must ensure that these roles are scoped to a particular tenant, or set of tenants.
Aserto provides out-of-the-box support for this scenario. Users or groups can be assigned roles scoped to a single tenant, a set of tenants, or across all tenants. If you support a resource hierarchy under the tenant structure (teams, projects, lists, or folders) you can easily extend your authorization model to cover fine-grained access.
![Grant access based on custom roles and groups](https://cdn.sanity.io/images/4gqsq44z/production/e99969d2d337d5e0a2d77408a142e3f3beebb03f-74x74.png)
Go beyond simple roles
Create permissions within, and across each tenant. Grant access based on custom roles and group information.
![Real-time authorization with Aserto](https://cdn.sanity.io/images/4gqsq44z/production/e99969d2d337d5e0a2d77408a142e3f3beebb03f-74x74.png)
Enforce in real-time
Authorize using local user and resource data, within milliseconds and at 100% availability.
![Model policy on your domain model](https://cdn.sanity.io/images/4gqsq44z/production/e99969d2d337d5e0a2d77408a142e3f3beebb03f-74x74.png)
Model your resource hierarchy
Base your policies on your unique domain model to enforce multi-tenant role-based access control that is tailored to your business.
![allow custom roles](https://cdn.sanity.io/images/4gqsq44z/production/e99969d2d337d5e0a2d77408a142e3f3beebb03f-74x74.png)
Custom roles
Allow your customers to add custom roles that map to your permissions.
![Influence frontend and backend behavior](https://cdn.sanity.io/images/4gqsq44z/production/e99969d2d337d5e0a2d77408a142e3f3beebb03f-74x74.png)
Control more than access
Create policies that control access and influence frontend behavior, like hiding sections or fields.
![Evolve your policy to ABAC or ReBAC with Aserto](https://cdn.sanity.io/images/4gqsq44z/production/e99969d2d337d5e0a2d77408a142e3f3beebb03f-74x74.png)
When RBAC isn't enough
Easily evolve your policy to use resource ownership (ReBAC) or user and environmental attributes (ABAC).
![Explore additional use cases](https://cdn.sanity.io/images/4gqsq44z/production/ccbcdcdd9bae28e01540be4b71af85da15d43a6b-322x246.png)
Explore popular authorization use cases
![Lottie](/images/lottie.png)