Skip to main content

Policy Editor

Writing and maintaining good authorization policies is hard. Permit.io Makes it easy by combining the power of a powerful authorization engine with the ease of use of a simple web interface. The Policy-Editor allows both novice and experienced users to create and edit authorization policies with ease - with code or low-code interfaces.

Authorization Models

Permit.io supports multiple authorization models - including RBAC (Role Based Access Control), ABAC (Attribute Based Access Control), and more. By default the UI is set to work with RBAC. Authorization models can always be extended with additional code.

Resources and Actions

Resources and Actions are at the core of the policy-editor and are defined in the editor (or within the application's configuration / via the API). Once defined, resources and actions become the layout for permissions - e.g. a Role that is assigned (checkbox marked) to a resource and action allows users with that role to perform the action on a resource.

OPA (Rego) Policies

By default, Permit.io uses OpenPolicyAgent (OPA) and its code based policy language to create and maintain authorization policies. Rego code can be created by using the low-code Policy Editor UI, or by directly writing code. Code created through the editor is merged into a Git repository (as part of the Permit.io cloud, or one of your choice). The stored policies are then deployed on the fly via OPAL to the multiple PDP microservices that you deploy.

GitOps

As mentioned above - Policies created with the policy-editor are merged into a Git repository, this allows to create a controlled process for creating and maintaining policies. Code-reviews, tests, and approval flows combine easily with GitOps in the Permit.io authorization development life cycle.

Screenshot

Policy Editor Screen Shot

Policy Editor example with two roles (Admin, Viewer) and three resources (task, boards, counts) Admin can do everything except delete tasks