-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #506 from permitio/filipermit/differenciator-check…
…list Differentiator checklist
- Loading branch information
Showing
2 changed files
with
129 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,128 @@ | ||
| --- | ||
| sidebar_position: 2 | ||
| title: Permit Strength Points | ||
| --- | ||
|
|
||
| This checklist highlights Permit’s **unique advantages** over homebrewed and alternative solutions, showcasing why it stands | ||
| out in the authorization and access control space. | ||
|
|
||
| ## Policy Builder (UI/API/SDK/IaC/PaC) | ||
|
|
||
| The Permit’s Policy Builder provides an intuitive way to define and manage authorization rules while maintaining the | ||
| flexibility of Policy-as-Code. Every policy created through the UI is automatically generated as code, making it fully | ||
| GitOps-compatible for version control, collaboration, and automation. | ||
|
|
||
| - **RBAC (Role-Based Access Control)** – Assign permissions based on user roles. | ||
| - **ReBAC (Relationship-Based Access Control)** – Define permissions based on user relationships. | ||
| - **ABAC (Attribute-Based Access Control)** – Fine-grained control based on user, resource, and environment attributes. | ||
|
|
||
| ## Dynamic Policy Updates | ||
|
|
||
| Permit enables fully event-driven dynamic policy updates via our open-source project [OPAL](https://github.com/permitio/opal). This ensures that policy changes are propagated in real-time across distributed environments without requiring application restarts or manual interventions. | ||
|
|
||
| ## Fully Event-Driven Data Updates | ||
|
|
||
| Permit leverages the event-driven, open-source data update engine of [OPAL](https://github.com/permitio/opal) | ||
| to ensure real-time, dynamic data synchronization. | ||
| With OPAL, you can define centralized data sources that seamlessly sync application data across distributed Policy Decision | ||
| Points (PDPs), enabling zero-latency authorization decisions. | ||
|
|
||
| ### Stateful or Stateless Flexibility | ||
|
|
||
| You can choose how to load and manage authorization data: | ||
|
|
||
| - **Stateless Mode** – Dynamically load data as part of an input query for real-time checks. | ||
| - **Stateful Mode** – Maintain state within Permit by syncing data from multiple sources, ensuring authorization decisions are | ||
| made with preloaded context. | ||
|
|
||
| ## Data Plane Segregation from Control Plane | ||
|
|
||
| Permit provides a strict separation between the centralized **Control Plane** (where policies are managed) and the distributed | ||
| **Data Plane** (where authorization decisions are enforced). This architecture improves security, scalability, and compliance. | ||
|
|
||
| - More details: [Control Plane & Data Plane](/concepts/control-plane-and-data-plane) | ||
|
|
||
| ## Custom Data Modelling & Schema | ||
|
|
||
| Permit allows organizations to define and structure their own authorization data models. | ||
|
|
||
| - **Support for hierarchical and custom attributes**. | ||
| - **Seamless integration with identity providers and databases**. | ||
| - **More info:** [Managing Data](/how-to/manage-data/loading-data) and [Building ABAC Policies](/how-to/build-policies/abac/building-abac-policy) | ||
|
|
||
| ## Unmatched Data Consistency & Low Latency | ||
|
|
||
| Permit’s hybrid architecture provides multiple consistency guarantees: | ||
|
|
||
| - **Zero Latency**: Local PDPs (Policy Decision Points) execute decisions instantly at the edge (<10ms on p95). | ||
| - **Hybrid Model**: Provides centralized policy management while maintaining local enforcement. | ||
| - **Fine-Tuned Consistency Options**: | ||
| - **Eventual consistency** (PDP updates within ~100ms on P95) | ||
| - **Fully consistent updates** for mission-critical policies | ||
| - **Health-check-based consistency with callbacks** for dynamic environments | ||
|
|
||
| ## Support for Multiple Authorization Models | ||
|
|
||
| Permit provides out-of-the-box support for: | ||
|
|
||
| - **RBAC** (Role-Based Access Control) | ||
| - **ReBAC** (Relationship-Based Access Control) | ||
| - **ABAC** (Attribute-Based Access Control) | ||
| - **PBAC** (Policy-Based Access Control), enabling highly configurable policies using Rego, Cedar, Terraform, and other languages | ||
|
|
||
| ## Advanced Authorization Queries | ||
|
|
||
| Permit provides powerful authorization queries, starting with **basic enforcement** and extending to **resource visibility, | ||
| bulk operations, and fine-grained access control**. | ||
|
|
||
| - **Basic Enforcement**: [Check authorization decisions](/how-to/enforce-permissions/check) | ||
| - **Feature Flagging**: [Enable conditional access with CASL](/integrations/feature-flagging/casl) | ||
|
|
||
| But Permit goes **beyond simple YES/NO checks** by enabling: | ||
|
|
||
| - **Resource Visibility**: [List all resources a user can access](/how-to/enforce-permissions/user-permissions) | ||
| - **Action-Specific Checks**: [Determine all actions a user can perform on a resource](/how-to/enforce-permissions/bulk-check) | ||
| - **Filtering & Fine-Grained Access Control**: [Identify deletable resources](/how-to/enforce-permissions/data-filtering) | ||
|
|
||
| ## Open Source & Licensing | ||
|
|
||
| Permit embraces **open-source principles**, allowing full transparency and flexibility: | ||
|
|
||
| - All customer-deployed components (**PDP, SDKs, OPAL**) are **open-source** under Apache licenses. | ||
| - Organizations can self-host components while maintaining full control over their authorization logic. | ||
| - More details: [Open-Source Fallback](/concepts/oss-fallback/) | ||
|
|
||
| ## Enterprise-Grade Compliance & Security | ||
|
|
||
| Permit offers **industry-leading security** and **compliance capabilities** to ensure **full transparency, control, and | ||
| auditability**. | ||
|
|
||
| - **Decision Logs**: Human and machine-readable logs capturing every authorization event, enriched with **detailed metadata** | ||
| for full transparency. | ||
| - **Two Types of Audit Logs**: | ||
| - **Permit Audit Logs** – Track internal authorization system changes. | ||
| - **API Logs** – Monitor API-based authorization events. | ||
| - **Authorization for Authorization (AuthZ for AuthZ)** – Control who can modify policies, ensuring governance over policy | ||
| changes. | ||
| - **SOC 2 Type II & HIPAA Compliance** – Meet enterprise-grade security and data privacy standards. | ||
|
|
||
| ## Telemetry & Observability | ||
|
|
||
| Permit provides extensive observability features for monitoring and debugging: | ||
|
|
||
| - **Supports OpenTelemetry** for distributed tracing | ||
| - **Structured Logging** for deep analytics | ||
| - **Datadog Integration** for seamless application monitoring | ||
|
|
||
| ## Backup & Versioning | ||
|
|
||
| Permit ensures robust backup and disaster recovery mechanisms: | ||
|
|
||
| - **Git-backed policies** for version control and policy auditing | ||
| - **Backup & point-in-time restore** to recover previous authorization states | ||
| - **Persisted PDP states** to ensure fault-tolerant deployments | ||
|
|
||
| --- | ||
|
|
||
| Permit delivers enterprise-grade, flexible, and high-performance authorization that outmatches traditional solutions. | ||
| Explore more at [Permit.io](https://permit.io). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters