brew tap aserto-dev/tap && brew install topaz
Cloud-native authorization
Fine Grained
Design a fine-grained authorization model that grows with your application. Evolve from a multi-tenant RBAC model to ABAC, ReBAC or any combination of models.
Policy Based
Extract authorization policy from application code into its own artifact, and implement a “policy-as-code” workflow for your organization. Build authorization policies into immutable, signed OCI images for a secure software supply chain.
Real-time
Deploy Topaz right next to your application for lightning-fast authorization decisions with local data. Topaz stores your users, groups, objects, and relationships in an embedded database, and optimizes query evaluation over the object graph.
Architecture
Deployed in your cloud, connected to your data sources.
Supported languages and frameworks
Get started quickly with docs and resources for popular languages.
Authorization Policy Examples
RBAC Policy example
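# Allow when the directory check confirms that the user holds the
# "viewer" relation on the tenant that owns the requested resource.
allowed {
  ds.check({
    "object_type": "tenant",
    "object_id": input.resource.tenant_id,
    "relation": "viewer",
    "subject_type": "user",
    "subject_id": input.user.id,
  })
}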
ABAC Policy example
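# Allow only on a configured workday and only for users in the Sales department.
# time.weekday returns the day name (for example "Monday"), so data.workdays
# must list day names in the same form.
allowed {
  ns := time.now_ns()
  day := time.weekday(ns)
  day == data.workdays[_]
  input.user.properties.department == "Sales"
}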
ReBAC Policy example
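# Allow when the directory check confirms that the user has "can_read"
# on the specific document being requested.
allowed {
  ds.check({
    "object_type": "document",
    "object_id": input.resource.doc_id,
    "relation": "can_read",
    "subject_type": "user",
    "subject_id": input.user.id,
  })
}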