TEL AVIV, Israel, September 29, 2022 – Permit.io, the full-stack permissions framework, today announced Attribute Based Access Control (ABAC) with low code and no code interfaces. Starting today, development teams never have to build permissions into their cloud applications again, and even teams like product and sales can bake enterprise-grade permissions and access controls directly into their applications with just a few clicks. Permit.io launched out of stealth earlier this year with $6 Million in seed funding and is co-founded by Or Weis, former CEO and Co-Founder of Rookout; and Asaf Cohen, former software engineer at Facebook and Microsoft.
“When you first build an application, setting up permissions is more straightforward: you just have a single service and a few users, and what they can do is based on their role within the organization,” said Or Weis, CEO and Co-Founder of Permit.io. “This is what’s known as Role Based Access Control (RBAC). But as your application scales, Attribute Based Access Control (ABAC) is necessary to fully address all of the different use cases for your company and your customers. Building and maintaining an ABAC system yourself is incredibly complex and time consuming – which is why we’ve spent the past two years building a low code platform that makes it simple.”
Access control interfaces are a must have in modern applications, which is the reason many developers are spending time and resources trying to build them from scratch without prior DevSec experience. Permit.io provides all of the required infrastructure to build and implement end-to-end permissions out of the box, so that organizations can bake in fine-grained controls throughout their organization. This includes all of the elements required for enforcement, gating, auditing, approval-flows, impersonation, automating API keys and more empowered by low-code interfaces.
“I just need more flexibility than I get with traditional permissions architectures like Role-Based Access Controls (RBAC),” said John Henson, Software Architect at Nucor Building Systems. “We have an application that has 3 roles across 7 divisions and 3 environments – that would be 63 groups just to manage a very simple process. We realized this was not viable long term…we’d have 9000 groups for 5 apps in my active directory.”
Popular attributes to base permissions on:
Geo-location: Access granted or restricted based on location.
Subscribed/Unsubscribed: Access granted or restricted based on subscription status.
Paid/Unpaid: Access granted or restricted based on billing status information.
Quotas: Access granted or restricted based on the usage metrics of the user.
Ownership: Access granted to a specific resource instance only if it shares a relationship with the user.
According to the latest research from the Open Web Application Security Project (OWASP), broken access control presents the most serious web application security risk. Failures typically lead to unauthorized information disclosure, modification, destruction of data, or performing a business function outside the user’s limits. The report states that “94% of applications were tested for some form of broken access control.”
Permit.io is built on top of the open source project OPAL, also created by Or Weis and Asaf Cohen, which acts as the administration layer for the popular Open Policy Agent (OPA). OPAL brings open policy up to the speed needed by cloud applications, updating permissions dynamically as an application state changes via APIs, databases, git, Amazon S3 and other 3rd-party SaaS services. This ensures that every microservice is in sync with the policies and data required by the application in real time.
Get started with ABAC for free: permit.io/abac
Read the blog: permit.io/blog/announcing-abac
Check out the open source project OPAL: github.com/permitio/opal
Permit.io enables developers to bake in permissions and access-control into any product in minutes. Open source at its core, the platform builds on top of OPA+OPAL as a service, providing the API and UI access-control interfaces that make it simple to shift security left. Permit.io is founded by former engineers from Facebook, Microsoft, and Rookout and is already used by industry leaders like Accenture, Cisco, Tesla and others.