Skip to main content

2 posts tagged with "launch"

View All Tags

· 2 min read
Karan Kajla

I'm excited to announce that Warrant now has built-in support for Role Based Access Control! 🥳 RBAC is one of the most widely used forms of access control, so we wanted to make it as easy as possible for developers to add robust RBAC to their apps. We also know that access control isn't a "set it and forget it" type of problem. Applications evolve over time, whether it's through new features or other changes, so we've made some major updates to the Warrant Dashboard to make it easier to manage RBAC in a live application.

Dashboard Updates

You can now easily create and manage groups through the Warrant Dashboard. Apply warrants directly to groups, add/remove users from groups, and view which groups users are part of all from your browser. When you make updates to a user's access rules, the updates are reflected in your app immediately.

Warrant Dashboard - Group Management Add/remove users from groups and apply warrants on groups

Warrant Dashboard - User Management View which groups a user is part of and apply warrants directly on a user

API Updates

Under the hood, groups (AKA roles) are implemented using object types and a new resource called objects (more on this later). Warrant always supported the ability to implement RBAC by defining a group (or role) object type, but thanks to your feedback, we realized it was too cumbersome to make developers do this themselves. group is now a default object type that developers can use right away to apply warrants to a group of users.

We've also introduced the concept of objects. Objects are specific instances of object types (e.g. the super-admin group would be an object of type group). Currently, developers can manage individual groups and their user membership via our API. We'll be expanding the objects functionality in the future, so stay tuned! With groups, implementing robust RBAC is dead simple, and you still have access to the full power of Warrant for fine-grained, user-level access rules when needed.

Get started with Warrant today and setup your own RBAC in minutes using one of our server-side SDKs (available for Java, Ruby, Python, Go, NodeJS).

· 3 min read
Aditya Kajla

At Warrant, we're building APIs and infrastructure to help developers add authorization and access control to their apps in less than 20 lines of code. Warrant handles the complexity of managing authorization so engineering teams can focus on building their core products.

Warrant

Turn your code into this.

Why we're building Warrant

  • Developers today are building more powerful software products than ever before, but with more features and capabilities comes more complexity. One of those complexities is authorization: What actions can this user perform in my app? What data can they access? etc.
  • It wasn’t until we tried implementing role-based access control (RBAC) in our own SaaS side-project that we realized how difficult and time consuming this problem is to solve, even with the many readily available open source authorization libraries.
  • Implementing bulletproof access control that changes and grows with your product is non-trivial and takes time to get right. This “detour” can take precious time away from building your product’s actual features.
  • Karan and I have built solutions for many authorization and access control challenges at Lyft, Yahoo, Medallia and AppLovin. We understand how to solve these problems once and for all at scale.
  • We're building Warrant to abstract and solve authorization and access control at every layer of the stack so you don't have to.

How it works

  • Warrant provides APIs you can use to create and manage ‘warrants’ (or access rules) that govern access to your application and its resources.
  • You can then protect your resources and features behind ‘warrant’ checks at runtime (for example - protecting access to your admin pages or other admin-only resources).
  • In addition to the APIs, the Warrant dashboard provides a simple website where even non-technical users and admins can manage warrants.
  • Warrant is flexible and supports any access model from RBAC & ABAC to your own custom model.

Who it's for

  • Anyone building web or mobile apps. Some examples: SaaS products with different user tiers (free/paid), internal tools with multiple roles and personas, ecommerce websites with admins, analytics tools with sensitive data, customer support apps etc.
  • We're building Warrant for both developers and non-technical users. APIs & SDKs to help developers with integration and an easy-to-use dashboard to allow non-technical users (product managers, support, sales etc) to manage access.

What's next

  • If you're a developer looking to implement authorization and access control, check out our docs (particularly the quickstart) to get started.
  • Email us or join us on Discord if you'd like to chat.
  • We're hard at work adding features and making Warrant better. Follow us on Twitter to keep up to date with the latest!

Cheers & happy building! ⚒️