Skip to main content

2 docs tagged with "authz"

View all tags

ReBAC Authorization

Raytio's authorization model uses Relationship-Based Access Control (ReBAC), an approach where access decisions are based on the relationships between subjects and objects rather than static permission lists. Relationship-based access expresses facts such as "Alice owns this document" or "Bob is a member of the CRM User group."

Role Groups and Inheritance

Role groups are the mechanism by which the role hierarchy is represented for relationship-based access. Each role becomes a group, and parent-child relationships between roles become parent relationships between groups. The authorization model resolves these transitively, so a user assigned to a single role automatically inherits access from every ancestor in the hierarchy.