Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules. - Source: dev.to / 3 months ago
The specific challenge with authz in the app layer is that different apps can have different access models with varying complexity, especially the more granular you get (e.g. Implementing fine grained access to specific objects/resources - like Google Docs). Personally, I think a rebac (relationship/graph based) approach works best for apps because permissions in applications are mostly relational and/or... - Source: Hacker News / 4 months ago
Let's use warrant.dev as an example. The system provides a set of REST APIs for you to define object types and access policies (called warrants). The general process is first to create object types using HTTP POST:. - Source: dev.to / 5 months ago
Https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK. - Source: dev.to / 6 months ago
Hey HN, I recently shared my thoughts on why Google Zanzibar is a great solution for implementing authorization[1] and why we decided to build Warrant’s core authz service using key concepts from the Zanzibar paper. As I mentioned in the post, we recently open sourced the authz service powering our managed cloud service, Warrant Cloud[2], so I thought I’d share it with everyone here. Cheers! [1]... - Source: Hacker News / 10 months ago
More than two years after choosing to build Warrant atop Zanzibar’s core principles, we’re extremely happy with our decision. Doing so gave us a solid technical foundation on which to tackle the various complex authorization challenges companies face today. As we continue to encounter new scenarios and use cases, we’ll keep iterating on Warrant to ensure it’s the most capable authorization service. To share what... - Source: dev.to / 10 months ago
> though we would have preferred a managed solution We completely agree here, which is why we initially started out with our managed cloud offering, Warrant Cloud[1]. While Zanzibar is powerful, operating it with solid latency/availability can be quite challenging. [1] https://warrant.dev/. - Source: Hacker News / 10 months ago
What we're building at Warrant (https://warrant.dev/) might work for a lot of what you mentioned including APIs to build and manage multi-tenancy, groups, users, orgs/tenants. Note - Warrant is an authz engine so it doesn't handle authn/identity/SSO but can plug-in with any authn system. - Source: Hacker News / about 1 year ago
They might not be the exact same concept but they're definitely related. I'd argue feature flags, authorization, and pricing tiers/entitlements all make up modern 'access control' and 'access management'. It used to be that authz was just roles and permissions assigned to users, or feature flags & entitlements just booleans, but sophisticated systems allow for all kinds of permutations and rules based on... - Source: Hacker News / about 1 year ago
Disclaimer: I'm a founder at warrant.dev. We've built a managed cloud-based authz system that works for a variety of authz schemes (RBAC, fine-grained, custom). Source: about 1 year ago
Disclaimer: I'm the founder of an authorization company [1] & previously worked at a large, enterprise/SaaS company so basing my comment on my experiences. Your considerations and things you need to worry about will vary greatly based on your stage (early-stage startup, late-stage startup, public, etc.), market (fintech, health-tech, etc.) and customers you target (early-stage startups or bigger, Fortune 100... - Source: Hacker News / over 1 year ago
I know of warrant.dev, osohq.com, and Ory Keto but I don't see that these evaluate based on attributes. Source: over 1 year ago
Https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK. - Source: dev.to / over 1 year ago
Warrant — Hosted enterprise-grade authorization and access control service for your apps. Free tier includes 1 million API requests per month and 1,000 authz rules. - Source: dev.to / over 1 year ago
Warrant is a fully managed authorization service that helps you add access control to your application and manage its access policies over time. Built from the ground up to solve the challenges of building and maintaining authorization in consumer & enterprise SaaS products, Warrant makes it dead simple to implement role based access control, fine grained access control, and other authorization schemes. Add... - Source: dev.to / about 2 years ago
Which service to use for billing will depend on how you plan to charge your customers (flat monthly rate, usage based, etc.), so it's worth thinking about pricing first and then exploring the options available on the market. Even though they don't have a specific usage based billing product, my default recommendation is Stripe because it's so easy to setup and manage, and they really have the best... - Source: Hacker News / over 2 years ago
What stack are you building on? Warrant (https://warrant.dev) can help with implementing authorization. Happy to chat if you have any questions (full disclosure: I'm one of the co-founders). - Source: Hacker News / over 2 years ago
Thanks for your response! A lot of the issues and solutions you mentioned remind me of my time in past roles. More companies deal with authz related issues than we think, yet there aren't many products available that solve these long-term operational problems (UI, managing existing/new permissions over time, etc). Most solutions are just basic DIY libraries, although services like Warrant (https://warrant.dev/)... - Source: Hacker News / over 2 years ago
Access Control isn't a core focus for most applications, but it's critical to get right. The margin for error is very low, and even a minor issue in authorization logic could expose privileged data and actions to users who shouldn't have access to them. If you don't want to worry about authorization best practices and implementing secure access control, use Warrant to add access control to your application using... - Source: dev.to / over 2 years ago
A great introductory read on such an expansive topic. Authz is a long-standing problem without a real standardized solution yet. I think improving everyone's understanding of the core problems that authz presents is a nice first step to building better standards/best practices. Whether you're building something in-house or evaluating a third party library/service, I've found that OWASP has great content,... - Source: Hacker News / over 2 years ago
We’re Aditya and Karan, the co-founders of Warrant (https://warrant.dev/). We build APIs and infrastructure that helps developers implement authorization and access control in their apps. Implementing flexible authorization that grows with your application is difficult. Many products only need authentication early on but eventually require authorization; however, adding complex authorization to a mature, high... - Source: Hacker News / over 2 years ago
Do you know an article comparing Warrant to other products?
Suggest a link to a post with product alternatives.
This is an informative page about Warrant. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.
