Open-source authorization service for implementing fine-grained access controls. Centralized, scalable solution supporting RBAC, ABAC and ReBAC with Google Zanzibar-inspired architecture.

At a Glance:

Permify is an open-source authorization service inspired by Google Zanzibar that provides fine-grained access control at scale, supporting centralized authorization checks via REST and gRPC APIs in tens of milliseconds for any application or service.

Overview:

Permify is an open-source authorization service designed for building and managing fine-grained access control for applications and services. Inspired by Google's Zanzibar authorization system, it centralizes authorization logic outside of codebases, allowing developers to perform access checks such as "can user X view document Y?" or "which posts can members of team Y edit?" across any application. The system is designed to handle resource-specific, hierarchical, and context-aware permissions using a domain-specific language compatible with RBAC, ReBAC, and ABAC models. Permify supports multi-tenant authorization with isolated logic per vendor or organization, responds to authorization queries in tens of milliseconds, and offers both a self-hosted Community Edition and a managed cloud service.

Key Decision Points:

  • Deployment model: Available as a self-hosted Community Edition for manual infrastructure management or as a managed cloud service with high availability, backups, and SLAs.

  • API access: Serves authorization functionality through both REST API on port 3476 and gRPC on port 3478, with authorization data optionally stored in memory for local testing.

  • Performance characteristics: Demonstrated handling of 10,000 requests per second with 0% request failures and median latency of ~15ms under load testing with 1000 virtual users.

  • Tenant isolation: Supports setting up isolated authorization logic and custom permissions per tenant, managed from a single place.

  • Release cadence: Self-hosted Community Edition receives long-term releases four times per year, while the cloud version is continuously updated multiple times per week.

  • Premium feature boundaries: The Community Edition does not include observability dashboards or data synchronization features, which are reserved for the cloud offering.

Core Features:

  • Centralized authorization service: Abstracts authorization logic from application code as a standalone service that responds to access control checks from any connected application.

  • Domain-specific language for permissions: Allows creation of granular, resource-specific, hierarchical, and context-aware permissions and policies compatible with RBAC, ReBAC, and ABAC models.

  • Multi-tenancy support: Enables setting up isolated authorization logic and custom permissions for individual tenants while managing them in a single place.

  • High-performance access checks: Delivers access control responses in tens of milliseconds, with load testing showing sub-50ms p(90) latency at 10,000 requests per second.

  • Dual API protocol support: Exposes authorization operations through both REST API and gRPC Service interfaces.

Use Cases:

  • Application developers: Offloading authorization logic to a dedicated service to centralize, test, and debug permissions separately from core application logic.

  • Multi-tenant platforms: Managing isolated authorization rules and custom permissions per vendor or organization from a single authorization service.

  • Systems requiring fine-grained access control: Implementing resource-specific and context-aware permission checks across services that need millisecond-level response times for authorization decisions.

Open-Source Alternative Value:

Permify provides a self-hosted Community Edition that allows developers to deploy their own authorization infrastructure on any server or cloud provider of their choice. The project is released under an open-source license with the core authorization engine available for self-hosting, giving teams direct control over their authorization data and infrastructure management. It serves as an alternative to building custom authorization systems from scratch or relying solely on managed authorization services, with the option to transition to a managed cloud offering without changing the underlying authorization model.

Project statistics:

  • Stars: 5,861

  • Forks: 310

  • License: AGPL-3.0

Metadata:

  • Alternative to: Auth0