/warrant

Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.

Primary LanguageGoApache License 2.0Apache-2.0

Warrant

Website | Warrant Cloud | Docs | API Reference

GitHub GitHub release (latest by date) GitHub Workflow Status (with branch) Slack Community Twitter Follow Backed by Y Combinator

Warrant - Open Source Access Control Service

Warrant is a highly scalable, centralized authorization service for defining, storing, querying, checking, and auditing application authorization models and access rules. At its core, Warrant is a relationship based access control (ReBAC) engine (inspired by Google Zanzibar) capable of enforcing any authorization paradigm, including role based access control (RBAC) (e.g. [user:1] has [permission:view-billing-details]), attribute based access control (ABAC) (e.g. [user:1] can [view] [department:accounting] if [geo == "us"]), and relationship based access control (ReBAC) (e.g. [user:1] is an [editor] of [document:docA]).

Features

  • HTTP APIs for managing your authorization model, access rules, and other Warrant resources (roles, permissions, features, tenants, users, etc.) from an application, a CLI tool, etc.
  • Real-time, low latency API for performing access checks in your application(s) at runtime (e.g. is [user:A] an [editor] of [tenant:X]?)
  • Integrates with in-house and third-party authn/identity providers like Auth0 and Firebase
  • A queryable, global event log that tracks updates to your authorization model, access rules, and all other Warrant resources, making auditing and debugging simple
  • Officially supported SDKs for most popular languages and frameworks
  • Support for a number of databases, including: MySQL, Postgres, and SQLite (in-memory or file)

Use Cases

Warrant is built specifically for application authorization and access control, particularly for product, security, and compliance use-cases. Examples of problems Warrant solves are:

  • Add role based access control (RBAC) to your SaaS application with the ability for your customers to self-manage their roles and permissions via the Warrant self service dashboard or your own custom dashboard built using Warrant's component library.
  • Allow customers to define and manage their own roles & permissions for their tenant (organization)
  • Add 'fine grained RBAC' (role based access to specific resources)
  • Implement fine grained, object/resource-level authorization specific to your application's data model ([user:1] is an [editor] of [document:x])
  • Add centralized and auditable access control around your internal applications and tools.
  • Implement 'approval flows' (i.e. request access to a resource from an admin -> admin approves access).
  • Add Google Docs-like sharing and permissioning for your application's resources and objects.
  • Gate access to SaaS features based on your product's pricing tiers and feature packages.
  • Satisfy auditing and compliance requirements of frameworks and standards such as SOC2, HIPAA, GDPR and CCPA.

Getting Started

Warrant Cloud

The quickest and easiest way to get started with Warrant is using the managed cloud service. You can sign-up for a free account here.

Warrant Cloud is compatible with the same APIs as this open source version and provides additional functionality like:

  • An admin dashboard for quickly managing your authorization model and access rules via an intuitive, easy-to-use UI
  • A real-time query API to query and audit access rules for a given subject or object (e.g. which users in tenant:1 have access to object:A?)
  • Multi-region availability
  • Improved access check latency & throughput for large scale use cases.

Once you've created an account, refer to our docs to get started.

Self-hosting

To self-host or run Warrant locally, check out our local development guide.

SDKs

Warrant's native SDKs are compatible with both the cloud and open-source versions of Warrant. We currently support SDKs for:

Documentation

Visit our docs to learn more about Warrant's key concepts & architecture and view our quickstarts & API reference.

Support

Join our Slack community to ask questions and get support.

Contributing

Contributions welcome. Please see our contributing guide for more details.