Warrant has been acquired by WorkOS! 🎉 Read the official announcement for more details.

Fine Grained Access Control

Implement robust, flexible, global scale Fine Grained Access Control (FGAC) in minutes with Warrant.

ACCESS PASSuser 6k345jkDenyvieweruser 6k345jkQ4_metricsSubjectSubjectdocumentRelationdocumentQ4_metrics

Zero to Production in Minutes

Add global-scale, production-ready fine grained access control to your application in minutes and delight your users with a secure, easy-to-use access management experience.

1#
2# Check that user is not viewer of document.
3#
4warrant check \
5    user:michael viewer document:Q4_metrics --assert false
6

7#
8# Assign user as viewer of document.
9#
10warrant assign \
11    user:michael viewer document:Q4_metrics
12

13#
14# Check that user is now viewer of document.
15#
16warrant check \
17    user:michael viewer document:Q4_metrics --assert true
18

19

20

1{
2    "type": "team",
3    "relations": {
4        "admin": {},
5        "manager": {
6            "inheritIf": "admin"
7        },
8        "member": {
9            "inheritIf": "manager"
10        }
11    }
12}

Model Permissions as Schema

Model any access control scheme from RBAC to FGAC & ABAC, or create a custom model that fits your use-case and requirements using object types.

Components & Self-Serve Flows

Delight users with pre-built components and self-service flows for managing permissions on resources throughout your applications.

Comprehensive Audit Logs

Audit changes to your authorization model and monitor every permission check and its resulting decision, making it easy to meet compliance standards like SOC 2, HIPAA, ISO 27001, and PCI.
1# list all users who are viewers
2# of document:Q4_metrics
3select viewer
4of type user
5for document:Q4_metrics
6

7# list all documents for which
8# user:michael is an editor
9select document
10where user:michael
11is editor
12

Queryable Permissions

Use the Warrant Query Language (WQL) to query exactly who has access to a particular resource or to list all of the resources a particular user has access to.

From Our Blog

Zanzibar: Google's Consistent, Global Authorization System

A deep-dive into Google Zanzibar, covering its key concepts and its strengths and weaknesses.

Why Google Zanzibar Shines at Authorization

Our CTO explores what makes Google Zanzibar especially compelling for building application authorization.

Understanding Relationship Based Access Control (ReBAC)

A deep-dive into Relationship Based Access Control, covering what it is, when/why to use it, and its pros/cons.