Loading Custom Data

There are three ways you can load data into Permit / your PDPs:

1. Loading to Permit as a database - storing attributes per object in the UI or API
2. Loading data as part of the input for authorization queries.
3. Loading data asynchronously in the background from data sources via OPAL

Via a user in the UI

When navigating to the user interface, you have the option to edit the user attributes for each unique user. These attributes are then sent to the Permit backend and stored by with the user record in our database.

As you perform a permit.check() for any individual user to check his access, these attributes are dynamically loaded into the function and the enforcement is evaluated based on the policy and the user attributes.

Via the permit.check() function

As a permit.check() is called, it checks and verifies the actions a user might have on a particular resource. The three parameters you need to pass into the function are the unique user id, action and resource. As part of the function, rather than passing in the user id and resource, you can pass in a whole object that will contain the user or resource attributes.

These attributes are evaluated on each enforcement check. This also gives you the flexibility to pass in dynamic / just-in-time attributes and evaluate these against the policies.

Here is an example of the code:

const permitted = await permit.check(
    {
        key: "john@smith.com",
        attributes: {
            location: "England",
            department: "Engineering",
        },
    },
    "read",
    {
        type: "file",
        attributes: {
            isPaying: "true",
        },
    }
);

Via the API

Permit provides an elegantly crafted API editor designed to streamline the structuring of your policies, facilitate seamless audits, and effectively manage team members, among other functions. Notably, the entire no-code user interface operates on a fully API-driven backbone, allowing for the seamless automation of any action within the system.

note

You can find the whole redoc referencing all the API functionality here.

In general, you can define attributes for individual users, or individual resources. You can follow the API call to define user attributes and resource attributes.

Via OPAL

Using the OPAL Scope Config API, you can set your own data sources to be fetched and loaded into your PDPs using OPAL. This allows using data without needing to share it with Permit's control plane.

To make changes to the OPAL Scope, use the OPAL Scope API. Simply include the project and environment IDs in the API endpoint URL - don't worry, our guide can show you where to find them.

Out of the box, Permit automatically pulls in details about users, roles, and more from its cloud database to the PDP's policy engine, setting a solid foundation for your policy.

To view the the data structure loaded into PDPs used by default check out the API reference and the example here. Notice that this API is in EAP stage might be subject to changes !

The complete guide on how to use the Scope Config API and integrate external data sources can be found here.