Introduction Role-Based Access Control (RBAC) is an access control pattern that governs the way users access applications based on the roles they are assigned. Roles are essentially groupings of permissions to perform operations on particular resources. Instead of assigning numerous permissions to each user, RBAC allows users to be assigned a…

Every so often we hear the question: “Isn’t authorization part of authentication?” Simply put, the answer is — no. Authentication and Authorization are related, but they are separate concepts in the overall security model of an application: Authentication is the process of verifying that a user is who they say…

Role-Based Access Control (RBAC) is a method for restricting users from accessing protected resources. Resources are associated with permissions, and permissions and grouped into a set of distinct roles. Users are then assigned roles that correspond to their function in the organization. …

When thinking about implementing an authorization solution, we are faced with the choice of whether to use a library that would be embedded in our application code, or to set up a service to which our application will make authorization calls. …

The Open Policy Agent (OPA) project is an incredibly flexible and powerful policy engine. While being a general-purpose decision engine, it is applied heavily in the infrastructure space. At Aserto, we think its use can be extended to the fine-grained application authorization use case as well. OPA is at the…

Many of us have at one time or another implemented or considered implementing our own role-based access control (RBAC). Though it can seem simple at first, you must take care to ensure you’re following best practices. …

Overview Aserto is a cloud-native authorization platform that allows you to avoid having to build your own access control solution and instead frees you up to focus on your core user experience. In this tutorial you will learn how to integrate the Aserto SDK in the context of a Node.js service…

Perimeter security has been dying a slow death over the better part of a decade, as breaches of the corporate network have become commonplace. …

[This article first appeared on The New Stack]. Authorization has become quite a hot topic: Intuit, Airbnb, Google, and others have recently described the architectural challenges surrounding authorization at scale, and the solutions that they’ve built internally to address them. As a developer of a B2B SaaS application, you may…