Permit logo

Never Build Permissions Again

Developer-friendly full stack authorization for any application powered by - Policy-as-Code, APIs, SDKs, and UIs

Get Started
  • tesla
    Nebula
    bp
  • paloalto
    salt
    Signify
  • Cisco
    Rubicon
  • Medicalib
    vega
  • Intel
    Granulate
  • Honeycomb
    optum

A no-code authorization platform anyone can use.

  • Allow your entire team - from devs to sales, to securely manage permissions

  • The only solution with a no-code policy editor. Supports any model - RBAC, ABAC and ReBAC.

  • Permit generates fully transparent policy as code based on OPA's Rego or AWS' Cedar

  • Everything is managed as code in Git and controlled with a simple API

APIs for everything

Create, manage and automate your policies with Permit's API. Anything done via the UI can be done with our API, Terraform provider or SDKs as well!

One platform, any use case

  • RBAC

    Role based access

    Role based access
    default allow := false
    allow if {
      some role in data.users[input.user].roles
      actions := roles[role][input.resource.type]
      input.action in actions
    }
    roles["Banker"]["Loan"] := [
    	 "View","Approve","Decline"
    ]

    Create dynamic Role Based Access Control policies, like:

    " Banker can Approve Loan "

  • ABAC

    Granular attributes

    Granular attributes
    default allow := false
    allow if {
      some _, allowed_actions in conditions
      input.action in allowed_actions[input.resource.type]
    }
    conditions["Weekend Shift Employee"]["Database"] := [
    	 "Read", "Update", "Backup", "Restore"
    ] if {
    	 work_days := { day |
        day := data.users[input.user].attributes.work_days[_]
      }
      count({"Saturday", "Sunday"} & work_days) > 0
    }

    Build nuanced attribute based access control policies by adding attributes, like:

    " Weekend Shift Employees
    can access Database during Weekend "

  • ReBAC

    Resource and user hierarchies

    Resource and user hierarchies
    default allow := false
    allow if {
    	 patient_caregiver = true
    }
    patient_caregiver if {
    	 user_roles := data.users[input.user].roles
    	 some assigned_resource, assigned_roles in user_roles
      some role in assigned_roles
      input.action in roles[role][input.resource.type]
      assigned_resource in resource_relationships
    }
    resource_relationships[resource] {
      related_resources := graph.reachable(
        full_graph,{input.resource.id}
      )
      some resource in related_resources
    }
    full_graph[child] := parent if {
    	 all_resources := [resource | resource := data.resources[_]]
     	some child, parent_resource in object.union_n(all_resources)
    	 parent := [object.get(parent_resource, "parent_id", null)]
    }
    roles["Caregiver"]["Record"] := ["View", "Update", "Share", "Archive"]

    Create policies based on relationships between users and resources, like:

    " Caregiver of a Patient
    can View Patient's Medical Files "

Fully functional authorization in 5 minutes

Just add permit.check() to your code, middleware, mesh, or API gateway.

Homebrew
With Permit
  • Seamlessly migrate from any existing authorization solution

  • GitOps and Multi-tenancy available out-of-the-box

Hybrid Model

Secure, event-driven, compliant.

Engines

OPA / Ceder

Policy Updater

OPAL

  • All authorization decisions are made on your side side with zero latency

  • Use sensitive data for authorization decisions, without it ever leaving your VPC/Network

  • Permit is always up (+99.99) - but you are not dependent on our availability

  • Compliant with HIPPA, SOC2, and more

Flexible, Customizable, and Scalable Implementation

Supports any Authentication provider

Works great for any industry

Just listen to what these folks had to say...

  • Tal Saiag | Granulate Founder & CTO

    Tal Saiag

    Granulate Founder & CTO

    At Granulate we optimize our customers’ most critical systems; as a result, getting access control right is of the highest importance. Full stack permissions as a service allows our developers to focus on their core product. I was extremely impressed both by Permit.io’s technology and its dedication to customer service.
  • Matan Bakshi | Buzzer.ai Founder & CTO

    Matan Bakshi

    Buzzer.ai Founder & CTO

    Building authorization for Buzzer’s call-rep on-demand service was a challenging task, but with Permit.io we were able to get it up and running end-to-end in just a few days.
  • Ran Ribenzaft | Cisco, Epsagon CTO

    Ran Ribenzaft

    Cisco, Epsagon CTO

    At Epsagon (acquired by Cisco) we are no strangers to the complexity of microservices. Access control demands of microservices are never-ending , so they require a modern stack that can quickly adapt to the most demanding tech and security needs.
  • Hugo Beaujour | Medicalib Backend Engineer

    Hugo Beaujour

    Medicalib Backend Engineer

    Been using Permit with our project- It's exactly what I wanted... It's a small integration, using only granular authorizations. Great job! Be sure I'll keep following the project as it goes on, and keep using it!
  • Hongbo Miao | Tesla Senior Software Engineer

    Hongbo Miao

    Tesla Senior Software Engineer

    Moving to modern authorization for microservices is no easy feat, but OPAL made it easy. When I was learning and exploring replicator solutions for OPA myself in my free time, I found that OPAL is a very mature solution for the open-policy administration layer and beyond.
  • Nimrod Sadot | Honeycomb-Insurance Co-founder / CTO

    Nimrod Sadot

    Honeycomb-Insurance Co-founder / CTO

    Permit allows us to maintain the complexity and fine tuning with minimal effort on the code and easy configuration. The team at Permit is fantastic, real experts, with endless willingness to help. I was amazed by their openness to feedback and how quickly they evolved their product from very good to excellent.
  • Jayanth Vhavle | Walmart Software Engineer

    Jayanth Vhavle

    Walmart Software Engineer

    OPAL has been a godsend for supporting dynamic OPA data and policy updates. The Permit.io have always been proactive in understanding my questions and providing the right answers. Giving OPAL a try is a no-brainer when looking for alternatives to traditional bundle servers.
  • Jowanza Joseph | Parakeet Financial CEO

    Jowanza Joseph

    Parakeet Financial CEO

    Permit.io has been a game-changer for us. As an enterprise-focused organization, we recognized our need for advanced permissions and roles early on. Permit is one of the easiest integrations I've encountered, with exceptionally clear documentation. I constantly find myself recommending Permit.io to peers and colleagues - it’s great to have our authorization needs in their expert hands
  • Malcolm Learner   | Signify Health Senior Solution Architect

    Malcolm Learner

    Signify Health Senior Solution Architect

    Permit.io has helped us a lot to have a well-designed authorization platform based on open standards that we didn't have to design ourselves. Running the PDP with a the sidecar pattern fits well with our containerized micro-services architecture. And, Permit's support has been responsive and friendly. It's been a pleasure.

Test in minutes, go to prod in days.

Get Started Now

Join our Community

1531 Members

Get support from our experts, Learn from fellow devs

Join Permit's Slack