
Permit Elements Enables Low-Code User-Managed Access Control


Permit.io has released Permit Elements, a low-code end-user authentication interface builder. Permit Elements allows developers to embed interfaces enabling their end-users to decide which roles have permission to perform actions. At the time of release, there are elements available for user management and audit logs.

Permit.io is built on top of the open-source tools Open Policy Agent (OPA) and Open Policy Administration Layer (OPAL). It provides SDKs and APIs to add decision and enforcement points within applications. The Backoffice provides a set of low-code tools that facilitate assigning roles and permissions to users.

High-level Permit.io architecture (credit: Permit.io)

Permit Elements allows developers to embed interfaces within their application that give end-users control over assigning users to roles. This is done by assigning roles to permission levels. Five permission levels are available: Workspace Owner, Manager, Viewer, Assignable Roles, and Hidden Roles. For example, a Viewer can view the element but not make changes to it, whereas an Assignable Role is given permission controlled by the element but cannot view the element itself.

Permit Elements user management interface (credit: Permit.io)

To use the element, Permit.io must first be initialized in the backend of the application. A route then needs to be created that permits the end-user to login_as themselves and gain access to the element. This route can authenticate using cookies, a bearer token, or other headers. Finally, early in the application lifecycle, between confirming the user's identity and loading the embedded component, the route should be called to initialize Permit Elements:

permit.elements.login({
    loginUrl: 'https://your_app_url.com/permit_login',
    tenant: 'your_tenant_key',
    token: '<TOKEN>',
    loginMethod: LoginMethod.bearer
}).then((res: any) => {
    // optional: handle success
}).catch((err: any) => {
    // handle error
});

Within the application code, the end-user-assigned roles and permissions can be validated using the Permit.io SDK. The following example checks if the user john@permit.io has permission for the action create against the resource document:

const permitted = await permit.check("john@permit.io", "create", "document");
if (permitted) {
  console.log("User is PERMITTED to create a document");
} else {
  console.log("User is NOT PERMITTED to create a document");
}
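The check above only protects a resource if every outcome other than an explicit grant is treated as a denial. The following is an added example, not code from the article or from Permit.io: it wraps the same `permit.check(user, action, resource)` call in a fail-closed guard. The names `authorize`, `makeStubPermit`, `sampleGrants` and the user `jane@permit.io` are assumptions made for illustration, and the stub stands in for the real SDK client so the example runs offline.

```javascript
// Added example: fail-closed enforcement around permit.check(user, action, resource).
// `authorize` and `makeStubPermit` are hypothetical names, not part of the Permit.io SDK.

// Returns { allowed, status, reason }. Anything other than an explicit `true`
// from the decision point is treated as a denial.
async function authorize(permit, session, action, resource) {
  // Identity must come from the server-verified session, never from request input.
  if (!session || typeof session.userKey !== "string" || session.userKey === "") {
    return { allowed: false, status: 401, reason: "unauthenticated" };
  }
  try {
    const permitted = await permit.check(session.userKey, action, resource);
    if (permitted === true) {
      return { allowed: true, status: 200, reason: "permitted" };
    }
    return { allowed: false, status: 403, reason: "denied" };
  } catch (err) {
    // Decision point unreachable or errored: deny rather than fall through.
    return { allowed: false, status: 503, reason: "decision-unavailable" };
  }
}

// Constructed stand-in for the SDK client so the example runs offline.
// `grants` maps a user key to a list of "action:resource" strings.
function makeStubPermit(grants, { failing = false } = {}) {
  return {
    async check(user, action, resource) {
      if (failing) throw new Error("PDP unreachable (simulated)");
      return (grants[user] || []).includes(`${action}:${resource}`);
    },
  };
}

// Constructed sample data: permissions an end-user might have assigned via the element.
const sampleGrants = {
  "john@permit.io": ["create:document", "read:document"],
  "jane@permit.io": ["read:document"],
};

async function demo() {
  const permit = makeStubPermit(sampleGrants);
  const down = makeStubPermit(sampleGrants, { failing: true });
  return [
    await authorize(permit, { userKey: "john@permit.io" }, "create", "document"),
    await authorize(permit, { userKey: "jane@permit.io" }, "create", "document"),
    await authorize(permit, null, "create", "document"),
    await authorize(down, { userKey: "john@permit.io" }, "create", "document"),
  ];
}

demo().then((results) => results.forEach((r) => console.log(r.status, r.reason)));
```

In a real handler the returned `status` would be sent to the client and the denial recorded, so that a failing decision point shows up as refused requests and not as silently granted ones.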

The release also includes an audit log element. This provides access to the audit logs generated by Permit.io, tracking all authentication and authorization events in the system. Both elements can be customized for look and feel and are embeddable as iframes.

Permit.io also provides anomaly detection and identity protection. Similar to Amazon GuardDuty, Permit.io analyzes user patterns and reports anomalous behavior by sending alerts to either application managers or end-users. Or Weis, CEO of Permit.io, described this feature as "built-in and seamless user behavior analytics, providing early detection to account takeovers or accounts otherwise turning malicious."

An opt-in identity protection feature is available that requires sharing identity information with Permit.io. Weis explains that this data is used by Permit.io:

together with its own internet scanning tools and partner solutions for identity protection. When an identity used in a Permit-protected product is found to have leaked, e.g. as part of a data breach or attack, alerts are sent to the application managers and/or the end-customers themselves.

Permit Elements is available to Permit.io users. More details about the release can be found on the Permit.io blog.
