What is Google Zanzibar?
Zanzibar is a 2019 paper from Google describing the authorization system used by Google Drive, YouTube, Calendar, Cloud, and most other Google products. It is the source of the design pattern OpenFGA implements.
What Zanzibar actually is
Zanzibar is a globally distributed database of relationship tuples that answers two questions in milliseconds at Google scale:
- "Is user U related to object O via relation R?" (check)
- "What objects of type T is user U related to via relation R?" (reverse index / list-objects)
Two ideas make it work:
- A typed schema (called a namespace configuration in the paper) defining types and the relations between them — for example, that
document#viewerincludesdocument#editor. - A tuple store indexed for both forward and reverse queries, with a consistency mechanism (Zookies) that lets clients tie permission checks to the version of the data they read.
What Zanzibar solved
Before Zanzibar, every Google product had its own authorization layer. Cross-product features ("share a Drive doc to a Calendar event guest") meant authorization logic had to be duplicated and kept in sync. Zanzibar gave Google one model, one store, one decision surface.
How OpenFGA maps to Zanzibar
OpenFGA implements the core Zanzibar operations — Write, Read, Check, Expand, and Watch — and extends them with capabilities that aren't in the paper:
- Schema — written in the OpenFGA DSL.
- Tuples — stored in PostgreSQL, MySQL, or SQLite.
- Check and Expand — exposed via the API.
- ListObjects and ListUsers — reverse queries that aren't in the Zanzibar paper, for answering "what can this user see?" and "who has access to this object?".
- Conditions (CEL) — also not in the paper; OpenFGA's mechanism for attribute-based decisions, similar in spirit to caveats.
OpenFGA does not replicate Zanzibar's globally distributed Spanner-backed architecture; it is designed to run on your existing databases. For most applications, that's the point — Zanzibar's model is what's valuable, not its operational scale.