Home

Awesome

<p align="center"> <a href="https://warrant.dev/"><img src="https://warrant.dev/images/og-image.png" alt="Warrant" /></a> </p> <p align="center"> <a href="https://warrant.dev/">Website</a> | <a href="https://app.warrant.dev/signup">Warrant Cloud</a> | <a href="https://docs.warrant.dev/">Docs</a> | <a href="https://docs.warrant.dev/objecttypes/get-all-object-types/">API Reference</a> </p> <p align="center"> <img alt="GitHub" src="https://img.shields.io/github/license/warrant-dev/warrant?color=4F0DCC"> <img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/warrant-dev/warrant?color=FF5E00"> <img alt="GitHub Workflow Status (with branch)" src="https://img.shields.io/github/actions/workflow/status/warrant-dev/warrant/go.yaml?branch=main"> <a href="https://twitter.com/warrant_dev"><img alt="Twitter Follow" src="https://img.shields.io/badge/follow-%40warrant__dev-1DA1F2?logo=twitter"></a> <a href="https://www.ycombinator.com/companies/warrant"><img alt="Backed by Y Combinator" src="https://img.shields.io/badge/Backed%20by-Y%20Combinator-%23E16E38"/></a> </p>

Warrant - Google Zanzibar-inspired, Fine-Grained Authorization Service

Warrant is a highly scalable, centralized, fine-grained authorization service for defining, storing, querying, checking, and auditing application authorization models and access rules. At its core, Warrant is a relationship based access control (ReBAC) engine (inspired by Google Zanzibar) capable of enforcing any authorization paradigm, including role based access control (RBAC) (e.g. [user:1] has [permission:view-billing-details]), attribute based access control (ABAC) (e.g. [user:1] can [view] [department:accounting] if [geo == "us"]), and relationship based access control (ReBAC) (e.g. [user:1] is an [editor] of [document:docA]). It is especially useful for implementing fine-grained access control (FGAC) in internal and/or customer-facing applications.

Features

Use Cases

Warrant is built specifically for application authorization and access control, particularly for product, security, and compliance use-cases. Examples of problems Warrant solves are:

Getting Started

Check out the development guide to learn how to run Warrant locally and refer to the deployment examples for examples of self-hosting Warrant using Docker or Kubernetes.

Resources

SDKs

Warrant's native SDKs are compatible with both the cloud and open-source versions of Warrant. We currently support SDKs for:

Documentation

Visit our docs to learn more about Warrant's key concepts & architecture and view our quickstarts & API reference.

Limitations

Serving check and query requests with low latency at high throughput requires running Warrant as a distributed service with the use of Warrant-Tokens (also referred to as Zookies in Google Zanzibar). As a result, this open source version of Warrant is only capable of handling low-to-moderate throughput and is best suited for POCs, development/test environments, and low throughput use-cases.

Get <10ms Latency at Scale

Warrant Cloud

The quickest and easiest way to get low-latency performance for high-throughput production usage is to use Warrant Cloud, a fully managed, serverless offering of Warrant. With Warrant Cloud, you don't need to worry about managing multiple instances of Warrant or its underlying datastore (e.g. Postgres, MySQL, etc). It can scale to millions of warrants and hundreds of millions of check and query requests while still providing <10ms latencies. You can sign up for a free account here.

Warrant Cloud is compatible with the same APIs as this open source version and provides additional functionality like:

Once you've created an account, refer to our docs to get started.

Enterprise Self-Hosted

Customers looking to self-host Warrant for low-latency, high-throughput production use cases can run a licensed version of Warrant Cloud themselves. To learn more about this option, schedule a call or contact us.

Contributing

Contributions are welcome. Please see our contributing guide for more details.