<Blog.Permify>

Best practices on Authorization, Authentication, Subscriptions and more to build ultimate B2B SaaS apps.

Fine-Grained Access Control: Where RBAC falls short

Deciding an access control structure is important for businesses since security plays an important role and authorization mechanisms sit at the heart of the system. So most businesses today consider authorization aspects meticulously. And these considerations lead to one common question: “How granular should the access control be?”In this article, we’ll primarily focus on this question and examine; what is fine-grained access control, where it is used, it's importance, and how to choose the right authorization granularity for your company.

Ege Aytin

November 24, 2022

Google Zanzibar In A Nutshell

In this article we’ll examine Zanzibar, which is the global authorization system used at Google for handling authorization for hundreds of its services and products including; YouTube, Drive, Calendar, Cloud and Maps.

Ege Aytin

October 20, 2022

Relational Based Access Control Models

Relational based access control has gained its popularity over years among startups to large enterprises. Yet, some large tech companies are already starting to use ReBAC as their leading access control model. In 2019 Google published white paper of its consistent, global authorization system called Zanzibar, which handles authorization for YouTube, Drive, Google Cloud and all of Google's other products. 

Ege Aytin

September 20, 2022

How to Get Authorization Right

In the past few months, we have talked to over 100 engineers from both Fortune 500 companies and startups about their approach to authorization. The complaints were playing in tune.Everyone hated syncing and moving authorization data. Most engineers agreed that modeling is hard, especially when it comes to never ending product requirements. Also, no one liked the fact that authorization logic is cluttering the code base, and creating technical debt. And last but not least, Many developers told us testing & auditing haunt them at nights. Even thought everyone run into similar problems, there was no consensus over a solution. Each team keep reinventing the wheel. Some teams spend months to clean out their technical debt, and build a full fledged authorization service. Yes, building unified authorization is hard. Here’s why, and how to properly solve it.

Ege Aytin

November 18, 2022

Open-source: Implement Role Based Access Management with Permify React Role

There is a well-established best practice for authorizations today. During the development, it should be well-structured and well-designed. Otherwise, you’re doomed to technical debt. In this tutorial, I will share an effective approach to implementing RBAC in React applications with React Role which is an open-source RBAC solution from Permify.

Eren Olgun

May 11, 2022

What's Poppin': April

I’m here with another What’s Poppin, where we bring you the latest updates on Permify. My name is Firat, and I’m the co-founder of Permify. I’ll start with my words in the most unauthentic way; At Permify we believe… Nope! We just make authorizations ready for you, so you can keep doing interesting stuff. Because even we know it’s frustrating. So here’s what we bring this month to keep things easy and interesting.

Firatcan Dogan

May 3, 2022

How to Build Your Auth0 Integration

In this article, I will explain how to build an Auth0 integration. I will perform this integration through the actions that auth0 has just introduced and are currently in beta.

Tolga Ozen

April 21, 2022

How to Create Access Control in Under 10 mins with Permify at NextJs Apps

In this tutorial, I will show you how to implement access control to your Next.js application using Permify. For client side access control checks we will use Permify React library and for server side access control we will use Node.js SDK of Permify.

Ege Aytin

April 11, 2022

What's Poppin No:1 - Product Updates at Permify

We’re bringing you the latest updates of this month. Bunch of new features and launches that will save hundreds of hours! We love building alongside you, so simply say “What’s popping?” and let us know what you want! This months product update; Permify Panel, Open-source Role Management Library, Discord Community, Laravel SDK,

Firatcan Dogan

May 1, 2022

Part 2: Authorization with Permify in NodeJS App

It's easy to whip up the first use case - adding a roles table to your database works for a while. However, products will eventually change, and further development needs to be done on bare minimum authorization systems because of different user needs and access management requirements. In this article, I'll show you how to set up a complex and future proof authorization mechanism for your NodeJS applications in minutes using Permify.

Ege Aytin

March 31, 2022

Laravel SDK - Where Laravel Authorizations Left-Off

The authorizations are decision mechanisms enforced in the most actions a user takes in an application. There is an enforced authorization decision for most of the components in your application. In other words, this means spreading authorization logic all over the code, and creating a spaghetti code.

Tolga Ozen

March 21, 2022

Why you need to outsource Authorization

Authorizations are usually a part that is overlooked. It's not seen as the core part of the product, and they usually build on hacked solutions with bare minimum requirements. However your product will quickly change, and further development needs to be done on your bare minimum authorization system because of different user needs and access management requirements. This will start to disturb your product development process. As your product scales, you’ll face the problem of not adding a feature to your product without considering the authorization mechanism. Then you’ll spend serious time of the development effort will go to refactoring, testing, and changing the access control mechanism which will take away your attention from your core product.

Ege Aytin

March 9, 2022

Part 1: Token-Based Authentication system in Node using PassportJs, Express, and MongoDB

In this piece, we will take a look at how to build a simple and solid authentication approach in NodeJS with PassportJs. We will create a demo express app that you will be able to use as an authentication boilerplate in your ExpressJs applications.

Ege Aytin

April 7, 2022

Cookie Management in ExpressJS to Authenticate Users

Express.js is a widely used NodeJs framework by far. We will create a demo app that demonstrates a simple implementation of cookie management in your Express.js apps to authenticate users. Let's start implementing cookie management with ExpressJS to authenticate users.

Ege Aytin

February 28, 2022

JWT Authentication in React

In this piece, we’re gonna build a demo app that demonstrates how to manage authentication in React.js using JWT. JWT is a common way to manage authentication in client-side applications. We'll cover How to set up the project, how to implement JWT Auth, Routeguard, and Access Token.

Ege Aytin

August 7, 2022

Implementing Role-Based Access Control in VueJS

Implementing client-side authorization is one of the toughest topics for frontend developers. Not just because it's complicated, but also it takes time to build it, especially for Business SaaS applications. In this post, I’ll share an effective approach to implementing RBAC in VueJs applications.

Ege Aytin

February 21, 2022

Stay in the loop

Join the conversation at our Discord community! Learn more about authorization, access control and security.

Join Discord
Community
Get in Touch
© 2022 Copyright Reserved by Permify
Legal