60 pointsby orweisover 2 years ago

Hi HN! Co-Founder of Permit.io here, I’ve built access-control to my products, thousands of times throughout my career - and at no point did I want to.We adopted OPA, created OPAL.ac (open-source), and Permit.io on top - so no developer would have to build permissions again.To truly solve this problem end-to-end we’re releasing Permit-Elements (<a href="https://permit.io/elements" rel="nofollow">https://permit.io/elements</a>) - embeddable UIs providing the interfaces you need so your end-customers can control access-control (e.g. user-management, audit-logs, approval flows, permission requests, api-key management, …)Check out the full tutorial: <a href="https://youtu.be/xGYdDF65lkQ" rel="nofollow">https://youtu.be/xGYdDF65lkQ</a>The solution highlights: - Authorization for Authorization (who can control who controls permissions) - Security (auditing, real-time decision making and meeting industry standards) - An easy integration (generate and embed a JS snippet)There’s a lot more to do, we’d love your feedback on Permit in general, this feature, and others. Chat with us on Slack (<a href="https://bit.ly/permit-slack" rel="nofollow">https://bit.ly/permit-slack</a>)Thanks, Or Weis

6 comments

dangover 2 years ago

Guys, you can't do promotional upvoting and commenting on HN. This is in both the site guidelines and the FAQ—that's how important it is:<a href="https://news.ycombinator.com/newsguidelines.html" rel="nofollow">https://news.ycombinator.com/newsguidelines.html</a><a href="https://news.ycombinator.com/newsfaq.html" rel="nofollow">https://news.ycombinator.com/newsfaq.html</a>HN users are extremely vigilant about it and can usually figure out what's going, as they did here, and then they flag the posts and complain to us and use unkind words like 'spam'.

评论 #34544316 未加载

odedbendover 2 years ago

I don't know. This seems to be something I’d get a slap on the hand from our security team. No chance ever they give away the power they have for control who have permission. Just me??

评论 #34531542 未加载

评论 #34530740 未加载

YouWhyover 2 years ago

I like where this is headed.A lot of application frameworks have some kind of a security policy engine, but all of these invariably are inadequate - because modern policy management is about interfacing outside of systems, and that they don't do.Exactly in the same way that load balancing should not be a part of an application framework, neither should authorization.A coherent, formalized, well manageable policy engine can go a great deal for practical organization security

osigurdsonover 2 years ago

Is this kind of like Auth0 but with more common features built in, or is something like auth0, AzureAD still needed in order to issue jwts?

评论 #34532207 未加载

michaelbdover 2 years ago

How is this different from what I can get from OPA?

评论 #34531144 未加载

pantojax45over 2 years ago

Can you self host this? Feels dangerous to check an external service for RBAC.

评论 #34531805 未加载

Show HN: Permit Elements- UIs to let your customers manage their own damn RBAC