Show HN: Permit Elements- UIs to let your customers manage their own damn RBAC (youtube.com)
We adopted OPA, created OPAL.ac (open-source), and Permit.io on top - so no developer would have to build permissions again.
To truly solve this problem end-to-end we’re releasing Permit-Elements (https://permit.io/elements) - embeddable UIs providing the interfaces you need so your end-customers can control access-control (e.g. user-management, audit-logs, approval flows, permission requests, api-key management, …)
Check out the full tutorial: https://youtu.be/xGYdDF65lkQ
The solution highlights: - Authorization for Authorization (who can control who controls permissions) - Security (auditing, real-time decision making and meeting industry standards) - An easy integration (generate and embed a JS snippet)
There’s a lot more to do, we’d love your feedback on Permit in general, this feature, and others. Chat with us on Slack (https://bit.ly/permit-slack)
Thanks, Or Weis
22 comments
[ 2.9 ms ] story [ 50.7 ms ] threadA lot of application frameworks have some kind of a security policy engine, but all of these invariably are inadequate - because modern policy management is about interfacing outside of systems, and that they don't do.
Exactly in the same way that load balancing should not be a part of an application framework, neither should authorization.
A coherent, formalized, well manageable policy engine can go a great deal for practical organization security
Updates are done through OPAL (https://opal.ac) - which has a a zero trust architecture (it sends instructions on how to get the data instead of the data itself) based on topics scoped with security tokens.
You can read all about it here: - https://docs.permit.io/concepts/control-plane-and-data-plane...
- https://docs.permit.io/security/connectivity
You pass the JWTs from your AuthN solution to permit's permit.check() function.
Read more: - https://www.permit.io/blog/what-is-authorization - https://docs.permit.io/tutorials/quickstart#check-for-permis...
Check out this example: https://youtu.be/-W-79h7FJLQ
https://news.ycombinator.com/newsguidelines.html
https://news.ycombinator.com/newsfaq.html
HN users are extremely vigilant about it and can usually figure out what's going, as they did here, and then they flag the posts and complain to us and use unkind words like 'spam'.