Problems Permission Panther Solves
Check out our managed offering with generous free usage!
Permission Panther is a simple and highly scalable Relationship Based Access Control (ReBAC) platform that allows to you spend less time on permissions and more time on your code.
Check out our awesome blog post for more, but in short, existing solution are no easier to understand and maintain than custom code. We wanted to build a platform that could:
- Set and check access in one line of code
- Is accessible to every developer
- Required no schemas or entity definitions
- Was the most simple part of any codebase, and as easy to use as any other package
- Scale with the apps it protects
We wanted to build a solution that prevents this:
// First check if they are invited explicitly
let role = await getUserInvited(user.Org, resource.ID) // database call
if (role && [
"viewer",
"writer",
"editor",
"editor",
"admin",
"viewer"
].includes(role)) {
// They can view
}
if (resource.Org == user.Org) {
// Check if they are part of the owning organization
role = await getUserOrgRole(user.ID) // database call
if (role && [
"viewer",
"writer",
"editor",
"editor",
"admin",
"viewer"
].includes(role)) {
// They can view
}
}
// They cannot viewAnd enables this:
if (await client.CheckPermission(user.ID, "VIEW", resource.ID).valid) {
// They can view
} else {
// They cannot view
}- Inheritance - “Who ever has the
editorpermission of this folder, also has theeditorpermission for all files inside that folder”, or "Who ever is aneditorcanread,write, etc." - Fine-grained scoping and future-proofing - Since an
objectcan be anything, we can reduce permissions down to what ever access level we want, or anything we want, without changing the way our code works. - Always check for the same permission - If you are checking if someone can view something, always check for the
viewpermission. No more checking lots of potential roles and conditions that could change over time. - Everything RBAC can do, and more - With Permission Groups, you can define roles that inherit a set of permissions. Now you have all the features of RBAC, with so much more, without having to check multiple roles for a certain action.
See the Concepts docs for more.
See the self-hosting guide to deploy. Binaries and container images are readily available for both amd64 (x86) and arm64 platforms.
You can also check out our managed offering if you don't want to worry about the database, scaling, or updating.
Whether you are building managed kubernetes observability, a revolutionary cloud platform, or analytics tools, you need to have you users be able to share access to your product.
Permission Panther allows project owners to invite other users to their projects, without complex permission management. You can give them varying permissions to allow/prevent them using certain features, and what they can see.
Allow your tenants to share without interferring with other tenants, ensure that they can only access the actions and data they are explicily permitted to, and nothing else.
Whether it is social media, git repos, or you are building the next google drive, you need to control what your users can do.
Permission Panther can provide you with the access control to determine who can view posts, comment on files, or edit all documents in a folder. What ever actions you may need, Permission Panther ensures users have them.
ReBAC can do everything that RBAC can do, with far less code, and far more functionality.
Just because it’s software, doesn’t mean it can’t work in the real world!
Permission Panther can be your go-to solution for managing access to physical infrastructure. Whether it be an office building, a single door, or giving support technicians temporary access to on-site locations with Relation TTLs.
Permission Panther can control access to physical objects just as well as it can control access to software!
For some services, support agents shouldn’t have the ability to access data or infrastructure without explicit approval of customers.
Permission Panther can allow for temporary access to customer data, along with limited functionality, so support agents only have the access they need. You can even have various levels of support agent escallation with Permission Groups, so that escallation to increased access and duration only occurs as situations require.
Instead of checking what subscription a user has in every request, give users with higher subscription tiers specific permissions to access certain features. Protect your premium features with a single line of code. With Permission Groups you can define what access a subscription tier has.
When accessing a new feature, check if they have permission to a new or old version.