Permit.io, the full-stack permissions framework, announced Attribute Based Access Control (ABAC) with low code and no code interfaces. Starting , development teams never have to build permissions into their cloud applications again, and even teams like product and sales can bake enterprise-grade permissions and access controls directly into their applications with just a few clicks. Permit.io launched out of stealth earlier this year with $6 Million in seed funding and is co-founded by Or Weis, former CEO and Co-Founder of Rookout; and Asaf Cohen, former software engineer at Facebook and Microsoft.
“94% of applications were tested for some form of broken access control.”
“When you first build an application, setting up permissions is more straightforward: you just have a single service and a few users, and what they can do is based on their role within the organization,” said Or Weis, CEO and Co-Founder of Permit.io. “This is what’s known as Role Based Access Control (RBAC). But as your application scales, Attribute Based Access Control (ABAC) is necessary to fully address all of the different use cases for your company and your customers. Building and maintaining an ABAC system yourself is incredibly complex and time consuming – which is why we’ve spent the past two years building a low code platform that makes it simple.”
Latest ITechnology News: MaxLinear Partners with RFHIC to Accelerate Deployment of Ultra-Wideband 5G Power Amplifiers
Access control interfaces are a must have in modern applications, which is the reason many developers are spending time and resources trying to build them from scratch without prior DevSec experience. Permit.io provides all of the required infrastructure to build and implement end-to-end permissions out of the box, so that organizations can bake in fine-grained controls throughout their organization. This includes all of the elements required for enforcement, gating, auditing, approval-flows, impersonation, automating API keys and more empowered by low-code interfaces.
“I just need more flexibility than I get with traditional permissions architectures like Role-Based Access Controls (RBAC),” said John Henson, Software Architect at Nucor Building Systems. “We have an application that has 3 roles across 7 divisions and 3 environments – that would be 63 groups just to manage a very simple process. We realized this was not viable long term…we’d have 9000 groups for 5 apps in my active directory.”
Popular attributes to base permissions on:
- Geo-location: Access granted or restricted based on location.
- Subscribed/Unsubscribed: Access granted or restricted based on subscription status.
- Paid/Unpaid: Access granted or restricted based on b****** status information.
- Quotas: Access granted or restricted based on the usage metrics of the user.
- Ownership: Access granted to a specific resource instance only if it shares a relationship with the user.
Latest ITechnology News: Mavenir Launches 5G Small Cell for High-Capacity In-building Standalone Coverage
According to the latest research from the Open Web Application Security Project (OWASP), broken access control presents the most serious web application security risk. Failures typically lead to unauthorized information disclosure, modification, destruction of data, or performing a business function outside the user’s limits. The report states that “94% of applications were tested for some form of broken access control.”
Permit.io is built on top of the open source project OPAL, also created by Or Weis and Asaf Cohen, which acts as the administration layer for the popular Open Policy Agent (OPA). OPAL brings open policy up to the speed needed by cloud applications, updating permissions dynamically as an application state changes via APIs, databases, git, Amazon S3 and other 3rd-party SaaS services. This ensures that every microservice is in sync with the policies and data required by the application in real time.
Latest ITechnology News: Converge Technology Solutions Announces IBM zSystems and LinuxONE Certification in Canada
[To share your insights with us, please write to sghosh@martechseries.com]
