Introduction to OpenFGA

OpenFGA is a scalable open source authorization system for developers that allows implementing authorization for any kind of application and smoothly evolve as complexity increases over time. It is owned by the Cloud Native Computing Foundation.

Inspired by Google’s Zanzibar, Google’s internal authorization system, OpenFGA relies on Relationship-Based Access Control, which allows developers to easily implement Role-Based Access Control and provides additional capabilities to implement Attribute-Based Access Control. You can learn more about different authorization concepts here.

Benefits

OpenFGA provides developer the following benefits:

• Move authorization logic outside of application code, making it easier to write, change and audit.
• Increase velocity by standardizing on a single authorization solution.
• Centralize authorization decisions and audit logs making it simpler to comply with security and compliance requirements.
• Help their products to move faster because it is simpler to evolve authorization policies.

Features

OpenFGA helps developers achieve those benefits with features as:

• Support for multiple stores that allow authorization management in different environments (prod/testing/dev) and use cases (internal apps, external apps, infrastructure).
• Support for some ABAC scenarios with Contextual Tuples and Conditional Relationship Tuples.
• SDKs for Java, .NET, Javascript, Go, and Python.
• HTTP and gRPC APIs.
• Support for being run as a library, from with a Go based service.
• Support for using Postgres, MySQL or SQLite as the production datastore, as well as an in-memory datastore for non-production usage.
• A Command Line Interface tool for managing OpenFGA stores, test models, import/export models, and data.
• Github Actions for testing and deploying models.
• A Visual Studio Code Extension with syntax highlighting and validation of FGA models and tests.
• Helm Charts to easily deploy to Kubernetes.
• OpenTelemetry support to integrate it with your monitoring infrastructure.

Related Sections

Check the following sections to learn more about OpenFGA.

Authorization Concepts

Learn about Authorization.

• More

Product Concepts

Learn about OpenFGA.

• More

Modeling: Getting Started

Learn about how to get started with modeling your permission system in OpenFGA.

• More