The Mental Model
At its core, polizy shifts how you think about authorization. In traditional applications, permission logic is often scattered across codebases as conditional statements:
Relations and Actions
Understanding the distinction between relations and actions is the key to designing an elegant authorization model in polizy.
How a Check Resolves
When you call authz.check(), polizy doesn't just look up a single record in your database. Instead, it runs an in-memory graph traversal algorithm to find any valid path of relationships that connects the subject to the object.
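The path search described above, sketched as an added example; this is not polizy's own code or API. The tuple shape, the "member" relation used for traversal, the action-to-relation map, the depth limit and all sample data are assumptions constructed for illustration.

```javascript
// Added illustration: names, tuple shape and action map are assumptions, not polizy's API.
// Constructed sample data: each tuple grants `relation` on `object` to `subject`.
const tuples = [
  { subject: "user:alice", relation: "member", object: "team:eng" },
  { subject: "user:bob", relation: "member", object: "team:eng" },
  { subject: "team:eng", relation: "member", object: "org:acme" },
  { subject: "org:acme", relation: "member", object: "team:eng" }, // deliberate cycle
  { subject: "team:eng", relation: "editor", object: "doc:spec" },
  { subject: "user:carol", relation: "viewer", object: "doc:spec" },
];

// Hypothetical action-to-relation map: which relations satisfy each action.
const actionToRelations = {
  edit: ["editor", "owner"],
  view: ["viewer", "editor", "owner"],
};

// Breadth-first search from the subject through group memberships, looking for
// any reachable node that holds a granting relation on the target object.
function check(subject, action, object, maxDepth = 10) {
  const granting = new Set(actionToRelations[action] || []);
  if (granting.size === 0) return { allowed: false, path: [] }; // unknown action: deny
  const visited = new Set([subject]);
  let frontier = [{ node: subject, path: [subject] }];
  for (let depth = 0; depth <= maxDepth && frontier.length > 0; depth++) {
    const next = [];
    for (const { node, path } of frontier) {
      for (const t of tuples) {
        if (t.subject !== node) continue;
        if (t.object === object && granting.has(t.relation)) {
          return { allowed: true, path: [...path, `${t.relation}@${object}`] };
        }
        // Follow membership edges only; the visited set stops cycles from looping.
        if (t.relation === "member" && !visited.has(t.object)) {
          visited.add(t.object);
          next.push({ node: t.object, path: [...path, t.object] });
        }
      }
    }
    frontier = next;
  }
  return { allowed: false, path: [] }; // no path found: default deny
}
```

The returned path is worth logging on every allow decision, since it records which chain of relationships produced the access and makes an unintended grant through a nested group easy to spot in review.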
Why Grants-Only
When designing permissions in polizy, you might wonder how to handle rules like "allow everyone in the team to edit, except for Bob."