Authorization & Access Control Guides

Understand how to manage user access, enforce security policies, and protect sensitive resources.

The 4 main types of access control

Learn about the 4 main types of access control, how they work and how to choose the right one for your company.

What is Relationship-Based Access Control (ReBAC)?

Relationship-Based Access Control (ReBAC) is an authorization model that grants access based on user-resource relationships, offering a more dynamic approach compared to RBAC and ABAC. This blog breaks down how ReBAC works, its benefits and implementation challenges, and when it's the best fit for your app.

The developer's guide to RBAC

Authorization often takes a backseat to authentication, but it becomes critical as applications scale and and require finer access control. This article is a practical guide for developers on how to design, scale, and integrate role-based access control (RBAC): from simple roles to enterprise-ready systems with IdP syncing.

What is Google Zanzibar?

Learn what Google Zanzibar is, how to implement it, and how it compares to other authorization technologies.

What is authorization (authZ)?

Learn what authorization is, its different patterns, and best practices.

What is Attribute Based Access Control (ABAC)?

Attribute-Based Access Control (ABAC) provides a targeted, more precise way to manage who can see and use different resources and under which conditions.

What is RBAC? How it works and when to use it

Learn what RBAC stands for, its key benefits, and how to implement it effectively to maintain access control.

What is fine-grained access control?

Learn what Fine-Grained Access Control is and how it works.

The developer’s guide to Fine-Grained Authorization (FGA)

As apps have become more complex, especially with the rise of user-generated content, the need for a more granular and scalable authorization scheme has become crucial. Unlike other models, Fine-Grained Authorization defines permissions at the resource level, providing precision and the ability to handle millions of authorization requests per second.

What is entitlement management? A guide to secure access

Learn all about entitlement management: what it is, how it works, its benefits, and how to implement it effectively.

The complete guide to OAuth 2.0

Learn everything you need to know about OAuth: what it is, what problem it solves, and how it works.

Authorization glossary

A glossary of terms and definitions for all things related to authorization.

Understanding the OAuth 2.0 Client Credentials flow

Learn how to use OAuth for secure machine-to-machine communication with the Client Credentials flow.

Which authorization strategy is best for your app?

A practical framework for choosing between ACL, RBAC, ABAC, ReBAC, and FGA based on the access patterns your product actually needs.