Deepak Gupta

Fine-Grained Authorization

FGA.

An authorization category that permits permissions per individual resource instance, typically implemented via Zanzibar-style ReBAC, supporting billions of objects with sub-millisecond evaluation.

FGA and ReBAC overlap heavily in practice, most modern FGA implementations are ReBAC implementations. The distinction is mostly about emphasis: ReBAC describes the data model; FGA describes the use case (per-resource permissions at scale). When a CIAM advertises "FGA support," it almost always means a Zanzibar-derived ReBAC engine.

Common questions

What's the difference between FGA and ReBAC?

Which FGA product should I pick?

Do I need FGA if I have RBAC?

Related terms

In the guides

RBAC vs ABAC vs ReBAC: Choosing an Authorization Model
Three authorization models, Role-Based, Attribute-Based, and Relationship-Based Access Control, with concrete examples, scaling characteristics, and when each is the right answer.