Access control bypassing has emerged as the topmost threat in the OWASP Top Ten 2021 (OWASP Top Ten). Our mission is to develop an open-source project dedicated to creating the premier authorization solution tailored for enterprise environments.

Problems With Existing Solutions

Numerous authorization solutions, such as Open Policy Agent (https://www.openpolicyagent.org/), Cerbos (https://github.com/cerbos/cerbos), Oso (https://github.com/osohq/oso), and Permit.io (https://www.permit.io/open-source), are available. However, a common limitation shared among them is their attempt to cater to all conceivable use cases. This complexity poses challenges for developers who must navigate yet another access control policy. Consequently, this results in a higher likelihood of errors and slower implementation of access control enhancements.

Enterprise-Ready Access Control

RBACPro aspires to become the preferred choice for enterprise authorization. This section provides a brief overview of the fundamental components of enterprise software.

Functional Requirements

• Multi-Tenant Support: Enterprise authorization solutions must inherently accommodate multi-tenancy. At the core of this support is the ability to manage authorization for each organization effectively.
• RBAC Variants: Every organization requires specific RBAC configurations tailored to their unique needs and requirements.
• Attributes and Conditions: While fine-grained access control is essential, the need for attribute-based and condition-based access control is evident.

Non-Functional Requirements

• High Performance and Availability: RBACPro is designed to deliver exceptional performance and ensure high availability, meeting the demands of enterprise-scale environments.
• Cloud Readiness: We have positioned RBACPro to seamlessly integrate with cloud environments, ensuring scalability and adaptability for modern enterprise infrastructures.
• Developer Experience: We believe strongly that a developer experience is key to success. A typical lifecycle is PoC, develop, test, deploy.

Our Approach

Identify and innovate the essential foundational components required to empower developers in the rapid customization of enterprise access control services. These components should seamlessly integrate with production-ready authorization services within cloud environments, enabling swift deployment within minutes.