Guides
Learn how to model common authorization patterns in your application using polizy. These guides provide task-oriented instructions and copy-pasteable examples for everything from simple team permissions to complex, attribute-based access control.
Team & Group Access
Managing access for individual users can quickly become overwhelming. Instead of assigning permissions user-by-user, you can group users into teams, departments, or roles, and grant permissions to the entire group.
Folder Inheritance
In many systems, resources exist inside other containers—like files inside folders, tasks inside projects, or channels inside workspaces. Instead of granting permissions on every individual child resource, you want permissions on the parent container to automatically flow down to its contents.
Temporary Access
Sometimes you need to grant permissions that are short-lived. For example, a customer support agent might need access to a user's account for one hour, or a contractor might have access to a repository until their contract ends.
Public Access
Sometimes you want to make a resource public to every user in your system—like a public roadmap, documentation article, or landing page. Instead of writing custom logic bypasses or adding permissions for every single user, you can use polizy's wildcard subject.
Attribute Conditions (ABAC)
Sometimes relationship-based access control (ReBAC) isn't enough on its own. You might want to restrict access based on dynamic runtime context, such as a user's subscription tier, their IP address range, their department, or the current time.
Field-Level Permissions
By default, permissions in polizy are granted on a whole object, such as a file, folder, or project. However, there are times when you need more granular access control, like allowing a manager to view a full medical record while only allowing an employee to view specific fields like their own strengths or performance summaries.
Revoking Access
In any permission system, removing permissions is just as important as granting them. Whether a user is changing roles, an asset is being deleted, or a user account is being deactivated, you need a safe and clean way to revoke access.
Listing & Debugging
Building a secure application requires more than just checking permissions at runtime. You also need to:
Read-Your-Writes
When building collaborative applications, you often run into a consistency problem: a user performs an action (like sharing a document or adding a team member), and immediately navigates to a screen that checks that new permission.
Framework Integration
Once you have defined your schema and set up permission rules, you need to integrate polizy into your application's request pipeline.