OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access control. It serves as a centralized authorization service for evaluating access requests and managing relationship tuples across distributed microservices and multi-tenant environments. The engine combines relationship graphs with attribute-based access control, using the Common Expression Language to evaluate dynamic runtime attributes and conditional access rules. It handles complex hierarchies and nested permissions by traversing chains of associations and parent-child links t
SpiceDB is a distributed permission store and relationship-based access control system. It provides a scalable database for storing and querying fine-grained authorization relationships, implementing a consistency model inspired by Google Zanzibar to manage access rights across large-scale applications. The system uses a dedicated schema language to define the rules and logic governing how relationships translate into permissions independently of application code. It functions as a pluggable authorization engine that persists relationship tuples in external relational databases such as Postgr
Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration. Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr
Cerbos is an open-source authorization service that provides a centralized, language-agnostic engine for managing access control. It functions as a policy-as-code platform, allowing teams to define, test, and distribute authorization rules using declarative YAML or JSON configurations. By decoupling access logic from application code, it enables consistent permission enforcement across diverse service stacks. The project distinguishes itself through its ability to translate high-level authorization policies into native database query filters. This capability allows applications to enforce sec
Las características principales de permify/permify son: Authorization Services, Authorization Schema Managers, Authorization Relations, Relational Entity Filtering, Authorization Policy Isolators, Tenant Lifecycle Managers, Permission Query Evaluators, Permissions Engines.
Las alternativas de código abierto para permify/permify incluyen: openfga/openfga — OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access… authzed/spicedb — SpiceDB is a distributed permission store and relationship-based access control system. It provides a scalable… ory/keto — Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control… cerbos/cerbos — Cerbos is an open-source authorization service that provides a centralized, language-agnostic engine for managing… casbin/casbin — Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse… deepstreamio/deepstream.io — deepstream.io is an open-source realtime server that synchronizes JSON records, events, and remote procedure calls…