What is Permit?
Permit.io is a company that has devoted it's efforts to solving the common problems of Authorization and permissions within companies.
We offer a Fullstack permission service, where we enable developers to bake-in permissions and access control into their products within minutes, as well as scale and update their policies on the fly. This means they can focus more on their product and business needs.
A backend developer can call the Permit SDK and get a clear answer if User A has the permissions to see Resource B.
Fullstack Authorization
At Permit.io, we believe that authorization isn't just about how your software enforces access. It is also about the experiences the developer teams and their users have with the software. For the best experiences, we provide a suite of tools:
Infrastructure - A centralized control panel, SDKs, APIs and microservices you need to add to create a decision and enforcement points.
Backoffice - A set of (no-)code tools that the rest of the team (e.g. product, security, support, sales) can use to offer that extra product support. We empower developers so they can easily empower the rest of their team.
Interfaces - A complete UI solution for your end-users.
When combining all three layers, you get our product - Permit.io. Permit delivers an end-to-end solution, covering all access-control needs so that you won't have to build anything.
OPA & OPAL
A key part of Permit.io's infrastructure is the open-source combo of OPA and OPAL.
- OPA (Open Policy Agent) is a generic policy-based decision engine.
- OPAL (Open Policy Administration Layer) is a real-time solution to keep policy agents updated with the policies and data they need in an event-driven distributed fashion.
When you use Permit.io's authorization microservices you get OPA and OPAL as the built-in defaults.
Realtime Permissions
Let's consider a simple policy -
Only users that have paid for a feature should have access to it
The information on who has paid would usually be managed by a third party service, such as Stripe or Paypal. We would want those changes in these services to update our authorization layer as soon as possible, so they can change access accordingly.
OPAL provides this through its event driven architecture.