ReBAC Support

Relationship-based access control (ReBAC) is an access control model where permissions are granted based on the relationships between entities (e.g. users, resources, groups), beyond roles and attributes. This is used in production by companies like Google (e.g. for Google Docs sharing permissions), and enables convenient use case fulfillment such as automatic relations/authZ based on nested attributes resulting from an authZ graph (typically directed).

See [Google Zanzibar paper](https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/) for reference implementation

Reading/references:

https://cspages.ucalgary.ca/~pwlfong/Pub/codaspy2011.pdf
https://dl.acm.org/doi/10.1145/1943513.1943539
https://www.researchgate.net/publication/236136712_A_New_Access_Control_Scheme_for_Facebook-Style_Social_Networks
https://www.osohq.com/academy/relationship-based-access-control-rebac
https://permify.co/post/relationship-based-access-control-rebac
https://aws.amazon.com/blogs/database/graph-powered-authorization-relationship-based-access-control-for-access-management
https://docs.permit.io/how-to/build-policies/rebac/overview
https://www.permit.io/blog/custom-policies


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ReBAC Support #25

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

ReBAC Support #25

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions