Version: 2.0.0

Permit Strength Points

This checklist highlights Permit’s unique advantages over homebrewed and alternative solutions, showcasing why it stands out in the authorization and access control space.

Policy Builder (UI/API/SDK/IaC/PaC)

Permit’s Policy Builder provides an intuitive way to define and manage authorization rules while maintaining the flexibility of Policy-as-Code. Every policy created through the UI is automatically generated as code, making it fully GitOps-compatible for version control, collaboration, and automation.

  • RBAC (Role-Based Access Control) – Assign permissions based on user roles.
  • ReBAC (Relationship-Based Access Control) – Define permissions based on user relationships.
  • ABAC (Attribute-Based Access Control) – Fine-grained control based on user, resource, and environment attributes.

Dynamic Policy Updates

Permit enables fully event-driven dynamic policy updates via our open-source project OPAL. This ensures that policy changes are propagated in real time across distributed environments without requiring application restarts or manual intervention.

Fully Event-Driven Data Updates

Permit leverages the event-driven, open-source data update engine of OPAL to ensure real-time, dynamic data synchronization. With OPAL, you can define centralized data sources that seamlessly sync application data across distributed Policy Decision Points (PDPs), enabling zero-latency authorization decisions.

Stateful or Stateless Flexibility

You can choose how to load and manage authorization data:

  • Stateless Mode – Dynamically load data as part of an input query for real-time checks.
  • Stateful Mode – Maintain state within Permit by syncing data from multiple sources, ensuring authorization decisions are made with preloaded context.

Data Plane Segregation from Control Plane

Permit provides a strict separation between the centralized Control Plane (where policies are managed) and the distributed Data Plane (where authorization decisions are enforced). This architecture improves security, scalability, and compliance.

Custom Data Modelling & Schema

Permit allows organizations to define and structure their own authorization data models.

Unmatched Data Consistency & Low Latency

Permit’s hybrid architecture provides multiple consistency guarantees:

  • Zero Latency: Local PDPs (Policy Decision Points) execute decisions instantly at the edge (<10ms on P95).
  • Hybrid Model: Provides centralized policy management while maintaining local enforcement.
  • Fine-Tuned Consistency Options:
    • Eventual consistency (PDP updates within ~100ms on P95)
    • Fully consistent updates for mission-critical policies
    • Health-check-based consistency with callbacks for dynamic environments

Support for Multiple Authorization Models

Permit provides out-of-the-box support for:

  • RBAC (Role-Based Access Control)
  • ReBAC (Relationship-Based Access Control)
  • ABAC (Attribute-Based Access Control)
  • PBAC (Policy-Based Access Control), enabling highly configurable policies using Rego, Cedar, Terraform, and other languages

Advanced Authorization Queries

Permit provides powerful authorization queries, starting with basic enforcement and extending to resource visibility, bulk operations, and fine-grained access control.

But Permit goes beyond simple YES/NO checks by enabling:

Open Source & Licensing

Permit embraces open-source principles, allowing full transparency and flexibility:

  • All customer-deployed components (PDP, SDKs, OPAL) are open-source under Apache licenses.
  • Organizations can self-host components while maintaining full control over their authorization logic.
  • More details: Open-Source Fallback

Enterprise-Grade Compliance & Security

Permit offers industry-leading security and compliance capabilities to ensure full transparency, control, and auditability.

  • Decision Logs: Human- and machine-readable logs capturing every authorization event, enriched with detailed metadata for full transparency.
  • Two Types of Audit Logs:
    • Permit Audit Logs – Track internal authorization system changes.
    • API Logs – Monitor API-based authorization events.
  • Authorization for Authorization (AuthZ for AuthZ) – Control who can modify policies, ensuring governance over policy changes.
  • SOC 2 Type II & HIPAA Compliance – Meet enterprise-grade security and data privacy standards.

Telemetry & Observability

Permit provides extensive observability features for monitoring and debugging:

  • Supports OpenTelemetry for distributed tracing
  • Structured Logging for deep analytics
  • Datadog Integration for seamless application monitoring

Backup & Versioning

Permit ensures robust backup and disaster recovery mechanisms:

  • Git-backed policies for version control and policy auditing
  • Backup & point-in-time restore to recover previous authorization states
  • Persisted PDP states to ensure fault-tolerant deployments

Permit delivers enterprise-grade, flexible, and high-performance authorization that outmatches traditional solutions. Explore more at Permit.io.