Authorization Services - Provides a standalone authorization service that abstracts access control logic from application code.
Authorization Schema Managers - Creates, reads, lists, and partially updates the authorization model schema defining resource types and permissions.
Authorization Relations - Creates named relationships between entities to model user-resource connections for permission evaluation.
Relational Entity Filtering - Filters stored relation tuples by specified criteria to retrieve authorization relationships.
Authorization Policy Isolators - Isolates authorization policies and data per tenant while managing all tenants from a single service.
Tenant Lifecycle Managers - Manages isolated tenant spaces within the authorization service for multi-tenant deployments.
Permission Query Evaluators - Evaluates permission queries in tens of milliseconds by traversing stored relation tuples and streaming changes.
Permissions Engines - Provides an open-source engine that centralizes authorization logic, supporting RBAC, ReBAC, and ABAC.
Permission - Specifies access control decisions using set-algebraic operators like intersection and union.
Authorization Mode Managers - Manages authorization data by writing, reading, and deleting relationships and attributes.
Attribute-Aware Policy Evaluators - Evaluates runtime attributes such as IP ranges and time periods during permission graph traversal.
Dynamic Attribute Policies - Ships a permission engine that evaluates runtime attributes like IP ranges and time periods for context-aware access decisions.
Declarative Permission Modelers - Defines resource-specific, hierarchical permissions using a domain-specific language with RBAC, ReBAC, and ABAC.
Granular Permission Systems - Provides a domain-specific language for defining resource-specific, hierarchical, and context-aware permissions.
Relationship-Based Access Controls - Evaluates whether a user has a specific permission on a resource by traversing stored authorization relationships.
Authorization Services - Models, evaluates, and audits fine-grained access permissions using a domain-specific language and real-time checks.
Custom Authorization Logic - Provides a standalone service that abstracts custom authorization logic from application code.
Entity Definitions - Defines entities like documents and users as the core objects for permission modeling.
Low-Latency Permission Evaluators - Evaluates permission queries in tens of milliseconds to answer whether a user can access a specific resource.
Namespace-Based Isolation - Separates authorization data and schema per tenant using isolated namespaces.
Permission-Based Access Control - Implements permission-based access control to find all entities a user has a specific permission on.
Entity Lookups - Provides an API to look up all entities a user has a given permission on.
Real-Time Checks - Evaluates access control queries and returns decisions in tens of milliseconds.
Bulk Permission Checkers - Processes up to one hundred permission checks in a single batched request.
Request Authentication Middleware - Secures API endpoints with configurable middleware that validates OpenID Connect JWTs or pre-shared keys.
Relation Tuple Traversals - Evaluates permissions by traversing a directed graph of stored relation tuples.
Multi-tenant Isolation Policies - Isolates authorization logic and custom permissions per tenant from a single service instance.
Authorization Schemas - Defines entities, relations, and permissions using a declarative schema with versioning and partial updates.
Authorization State Streamers - Streams real-time events for changes to relationships and attributes for external synchronization or auditing.
