Access Control

Authorization that
scales with you

Enforce least-privilege access with groups, roles, and fine-grained permissions. Authdog access control scales from a single app to multi-tenant estates — without rewriting your auth stack.

Start building Read the docs

Permission matrix

Live

Permission	admin	editor	viewer
Manage users
Edit resources
View dashboard
Delete tenants
Export reports

Groups4 active

Engineering

14 members

Product

8 members

Finance

4 members

Support

12 members

Flexible models

One platform, every authorization model

Start with simple roles and evolve to relationship-based policies as your product grows. No migration required.

RBAC

Role-based

Assign roles to users and let roles carry permissions. The workhorse of SaaS authorization.

Predefined role templates
Tenant-scoped roles
Role hierarchy inheritance

Coming soon

ABAC

Attribute-based

Evaluate user attributes, resource properties, and context to make dynamic access decisions.

Context-aware policies
Time and IP conditions
Custom attribute matching

Coming soon

ReBAC

Relationship-based

Model complex hierarchies — organizations, workspaces, projects — with permissions that inherit naturally.

Resource hierarchy
Permission inheritance
Cross-tenant relationships

Developer experience

Ship authorization in minutes, not months

A single SDK call is all it takes. Check permissions, assign roles, and manage groups without building custom authorization infrastructure.

Type-safe SDK for Node.js, Python, Go, and more
Sub-10ms latency for permission checks
Built-in caching and consistency guarantees
Audit trail for every access decision

import { Authdog } from "@authdog/sdk";

const authdog = new Authdog({ apiKey: process.env.AUTHDOG_API_KEY });

// Check if user can edit this resource
const { allowed } = await authdog.access.check({
  subject:  { type: "user", id: "user_01H8..." },
  action:   "edit",
  resource: { type: "document", id: "doc_93K..." },
});

if (!allowed) {
  throw new ForbiddenError("Not authorized");
}

import { Authdog } from "@authdog/sdk";

const authdog = new Authdog({ apiKey: process.env.AUTHDOG_API_KEY });

// Assign an editor role scoped to a workspace
await authdog.roles.assign({
  userId:   "user_01H8...",
  role:     "editor",
  resource: { type: "workspace", id: "ws_42X..." },
});

// The user now inherits all editor permissions
// for this workspace and its children.

import { Authdog } from "@authdog/sdk";

const authdog = new Authdog({ apiKey: process.env.AUTHDOG_API_KEY });

// Create a group and attach permissions
const group = await authdog.groups.create({
  name: "Engineering",
  tenantId: "tenant_7Yq...",
  permissions: ["repos.read", "repos.write", "ci.trigger"],
});

// Add members
await authdog.groups.addMembers(group.id, [
  "user_01H8...", "user_02J4...",
]);

Why externalized access control matters

In-house authorization logic becomes a liability as you scale. Move to a purpose-built platform that keeps your team shipping and your data safe.

74%

Of breaches involve privilege misuse

Overly broad permissions are the leading vector for data breaches. Fine-grained access control reduces your blast radius by enforcing least privilege from day one.

40%

Of application code is authorization logic

Teams spend months building and maintaining custom permission systems. Externalize authorization to ship features instead of plumbing.

Faster SOC 2 and GDPR audit cycles

Built-in audit trails, policy versioning, and automated compliance reporting reduce the time and cost of security certifications.

Ready to tighten access without friction?

Open the console to model groups, attach permissions, and align policy with how your teams ship.

Start Building

Authorization thatscales with you