Permit logo

Never Build Permissions Again

Developer-friendly full stack authorization for any application powered by - Policy-as-Code, APIs, SDKs, and UIs

Get Started
  • tesla
    Nebula
    bp
  • paloalto
    salt
    inventa
  • Cisco
    Rubicon
  • Maricopa County Recorder"s Office
    vega
  • Intel
    Granulate
  • Honeycomb
    optum

A no-code authorization platform anyone can use.

  • Allow your entire team - from devs to sales, to securely manage permissions

  • The only solution with a no-code policy editor. Supports any model - RBAC, ABAC and ReBAC.

  • Permit generates fully transparent policy as code based on OPA's Rego or AWS' Cedar

  • Everything is managed as code in Git and controlled with a simple API

APIs for everything

Create, manage and automate your policies with Permit's API. Anything done via the UI can be done with our API, Terraform provider or SDKs as well!

One platform, any use case

  • RBAC

    Role based access

    Role based access
    default allow := false
    allow if {
      some role in data.users[input.user].roles
      actions := roles[role][input.resource.type]
      input.action in actions
    }
    roles["Banker"]["Loan"] := [
    	 "View","Approve","Decline"
    ]

    Create dynamic Role Based Access Control policies, like:

    " Banker can Approve Loan "

  • ABAC

    Granular attributes

    Granular attributes
    default allow := false
    allow if {
      some _, allowed_actions in conditions
      input.action in allowed_actions[input.resource.type]
    }
    conditions["Weekend Shift Employee"]["Database"] := [
    	 "Read", "Update", "Backup", "Restore"
    ] if {
    	 work_days := { day |
        day := data.users[input.user].attributes.work_days[_]
      }
      count({"Saturday", "Sunday"} & work_days) > 0
    }

    Build nuanced attribute based access control policies by adding attributes, like:

    " Weekend Shift Employees
    can access Database during Weekend "

  • ReBAC

    Resource and user hierarchies

    Resource and user hierarchies
    default allow := false
    allow if {
    	 patient_caregiver = true
    }
    patient_caregiver if {
    	 user_roles := data.users[input.user].roles
    	 some assigned_resource, assigned_roles in user_roles
      some role in assigned_roles
      input.action in roles[role][input.resource.type]
      assigned_resource in resource_relationships
    }
    resource_relationships[resource] {
      related_resources := graph.reachable(
        full_graph,{input.resource.id}
      )
      some resource in related_resources
    }
    full_graph[child] := parent if {
    	 all_resources := [resource | resource := data.resources[_]]
     	some child, parent_resource in object.union_n(all_resources)
    	 parent := [object.get(parent_resource, "parent_id", null)]
    }
    roles["Caregiver"]["Record"] := ["View", "Update", "Share", "Archive"]

    Create policies based on relationships between users and resources, like:

    " Caregiver of a Patient
    can View Patient's Medical Files "

Fully functional authorization in 5 minutes

Just add permit.check() to your code, middleware, mesh, or API gateway.

Homebrew
With Permit
  • Seamlessly migrate from any existing authorization solution

  • GitOps and Multi-tenancy available out-of-the-box

Hybrid Model

Secure, event-driven, compliant.

Engines

OPA / Ceder

Policy Updater

OPAL

  • All authorization decisions are made on your side with zero latency

  • Use sensitive data for authorization decisions, without it ever leaving your VPC/Network

  • Permit is always up (+99.99) - but you are not dependent on our availability

  • Compliant with HIPAA, SOC2, and more

How the Hybrid Model fits your architecture?

Flexible, Customizable, and Scalable Implementation

Supports any Authentication provider

Got questions? Talk with our devs.

Chat over Slack

Works great for any industry

Just listen to what these folks had to say...

  • Tal Saiag | Granulate Founder & CTO

    Tal Saiag

    Granulate Founder & CTO

    At Granulate we optimize our customers’ most critical systems; as a result, getting access control right is of the highest importance. Full stack permissions as a service allows our developers to focus on their core product. I was extremely impressed both by Permit.io’s technology and its dedication to customer service.
  • Matan Bakshi | Buzzer.ai Founder & CTO

    Matan Bakshi

    Buzzer.ai Founder & CTO

    Building authorization for Buzzer’s call-rep on-demand service was a challenging task, but with Permit.io we were able to get it up and running end-to-end in just a few days.
  • Ran Ribenzaft | Cisco, Epsagon CTO

    Ran Ribenzaft

    Cisco, Epsagon CTO

    At Epsagon (acquired by Cisco) we are no strangers to the complexity of microservices. Access control demands of microservices are never-ending , so they require a modern stack that can quickly adapt to the most demanding tech and security needs.
  • Nate Young | CIO, Maricopa County Recorder's Office

    Nate Young

    CIO, Maricopa County Recorder's Office

    Permit’s intuitive policy editor allows access to complex attribute-based conditions that are robust enough for our developers to use, yet simple enough for our non-technical staff to configure without the need for IT assistance
  • Hongbo Miao | Tesla Senior Software Engineer

    Hongbo Miao

    Tesla Senior Software Engineer

    Moving to modern authorization for microservices is no easy feat, but OPAL made it easy. When I was learning and exploring replicator solutions for OPA myself in my free time, I found that OPAL is a very mature solution for the open-policy administration layer and beyond.
  • Jean Philippe Boul | Co-founder & COO Jules AI

    Jean Philippe Boul

    Co-founder & COO Jules AI

    At Jules we aim to streamline the process of buying/selling recycled materials, and sharing access as part of our portal is an important step to achieve that. Allowing users to share access is both important to get right and hard to do so, we're delighted to have Permit solve this problem for us end to end.

Test in minutes, go to prod in days.

Get Started Now

Join our Community

2026 Members

Get support from our experts, Learn from fellow devs

Join Permit's Slack