AWS-like IAM possible with Topaz?
Is it possible to create an AWS IAM system for our users with Topaz? I haven't looked into the code or documentation yet.
I believe this question was also asked in the Aserto Community Slack.
API Authorization is a supported scenario in Aserto. See
- https://www.aserto.com/blog/an-easy-button-for-api-authorization
- https://www.aserto.com/blog/gateway-enforced-api-authorization
Generally speaking, the idea of adding a general-purpose policy document for each resource being authorized is not something that Topaz is focused on. Instead, Topaz makes it easy to model relationships on object types that grant permissions to subjects (users or groups).
These permissions and relations can be very flexible and match your domain model. In addition, Topaz supports general-purpose OPA policies (authored in Rego) which can add ABAC-style policy conditions to the evaluation of the question "does user U have permission P on resource R".
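A small sketch of the evaluation model described in the answer above, added here as an illustration; it is not code from this thread and does not use Topaz's API, manifest format, or Rego. The object type, relation names, group, users, and the MFA condition are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed domain model: for each object type, the relations that grant each permission.
MODEL = {"bucket": {"read": {"viewer", "owner"}, "delete": {"owner"}}}

# Constructed ABAC-style conditions layered on top of the relationship check.
CONDITIONS = {("bucket", "delete"): lambda user_attrs, ctx: user_attrs.get("mfa") is True}


@dataclass
class Directory:
    tuples: set = field(default_factory=set)    # (otype, oid, relation, subject)
    groups: dict = field(default_factory=dict)  # group name -> set of user ids
    attrs: dict = field(default_factory=dict)   # user id -> attribute dict

    def relate(self, otype, oid, relation, subject):
        self.tuples.add((otype, oid, relation, subject))

    def has_relation(self, user, otype, oid, relation):
        # A subject is either "user:<id>" or "group:<name>".
        for t_type, t_id, t_rel, subject in self.tuples:
            if (t_type, t_id, t_rel) != (otype, oid, relation):
                continue
            kind, _, name = subject.partition(":")
            if kind == "user" and name == user:
                return True
            if kind == "group" and user in self.groups.get(name, set()):
                return True
        return False


def check(d, user, permission, otype, oid, ctx=None):
    """Does user U have permission P on resource R? Unknown types or permissions deny."""
    granting = MODEL.get(otype, {}).get(permission)
    if not granting:
        return False  # fail closed: nothing in the model grants this permission
    if not any(d.has_relation(user, otype, oid, r) for r in granting):
        return False
    condition = CONDITIONS.get((otype, permission))
    return condition(d.attrs.get(user, {}), ctx or {}) if condition else True


def demo():
    # Constructed sample data: one group that owns a bucket, one direct viewer.
    d = Directory()
    d.groups["ops"] = {"alice", "bob"}
    d.attrs = {"alice": {"mfa": True}, "bob": {"mfa": False}}
    d.relate("bucket", "logs", "owner", "group:ops")
    d.relate("bucket", "logs", "viewer", "user:carol")
    return d
```

Unlike a per-resource IAM policy document, access here follows from the relation tuples plus one model per object type, and the condition only narrows a decision the relationships already allow.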
@gsingh-ds did this answer the question?
Yes, but I don't think it fits our purpose.