This section has guides, concepts and examples that help you define an authorization model.
The content in this section is useful:
- If you are starting with OpenFGA and want to learn how to represent your organization's/system's authorization needs.
- If you are working on iterating on an authorization model you previously defined.
How to create an authorization model for your system starting from the requirements.
Learn the basics of modeling authorization and granting access to users.
Learn to model user group membership, and to grant access to all members of a group.
Learn to model roles for users at the object level and model permissions for those roles.
Learn to model access based on parent-child relationships, e.g.: folders and documents.
Learn to model denying access if users are part of list of blocked users.
Learn to model giving everyone specific access to an object, e.g.: everyone can read.
Learn to model requiring multiple privileges before granting access.
Learn to model custom roles that are created by users.
Learn to model requring dynamic attributes.
Learn to model and authorize when IP Address, time, and other dynamic and contextual restrictions are involved.
Learn to model and authorize when a user belongs to multiple organizations.
Learn the underlying concepts/building blocks that can be used to build any model.
Explore advanced use cases and patterns for authorization modeling with OpenFGA.
Learn to migrate relations and models in a production environment.