Fine-grained relationship-based access control

Define and enforce roles and permissions based on relationships between your users and groups and your application's resource hierarchy

Relationship-based access control with Aserto
Dark Sea FloorDark Sea FloorLottie

Fine-grained access based on resource relationships

Relationship-Based Access Control (ReBAC) is a new take on the Access Control List (ACL) paradigm of cascading access to each resource in a hierarchy, such as directories and files. ReBAC generalizes this model into a relationship graph between subjects and objects via relations. ReBAC models can be traversed as a graph to determine whether a user or group has a certain permission on a resource.

Aserto’s Directory is built around the ReBAC model, and makes it easy to define a custom resource hierarchy that matches your domain model: organizations, teams, projects, lists, folders, and so on. You also define the set of relations - owner, admin, member, viewer - that relate these objects to subjects (users and groups). Aserto makes it easy to implement relationship based access control policies based on your application's unique domain model.

Fine-grained access control with Aserto

Control access to every level of your resource hierarchy

Define and enforce access control policies based on the relationships subjects have to resources in your system, as well as role and group information.

Combine attribute and relationship-based access control patterns in one policy

Combine ReBAC and ABAC rules in a single authorization policy

Use the best of both worlds, and combine relationship-based rules with user or resource attributes in a single policy.

Real-time, fine-grained access control

Enforce in milliseconds based on real-time data

Resources and their relationships are synced to the policy decision point in your cloud automatically and in real-time to eliminate the risk of access based on stale data.

Influence frontend and backend behavior

Control what your users can see and do

Influence frontend behavior as well as backend logic based on the relationship the end user has with the resource in question.

Manage all of your access control policies from one place

Define and manage policies in one place

Decouple policy from application code, allowing both security and engineering to move faster. Manage all of your policies and decision logs centrally to simplify governance and compliance.

Open, cloud-native foundation

Leverage the best of the open cloud native ecosystem

Aserto is built upon an open, cloud-native foundation, which includes Open Policy Agent (OPA), Topaz authorizer, Policy CLI, and many of the ideas in the Google Zanzibar system.


Speak to us about your authorization challenges