The Identity Map

The Identity Map / AuthZ

Authorization & Fine-Grained Access (AuthZ & PBAC)

Deciding what an authenticated identity is allowed to do: policy-based, relationship-based, and attribute-based access control.

Authentication proves who you are; authorization decides what you can touch. This developer-led niche externalizes that decision out of application code and into a dedicated policy engine, using models like ReBAC (Google Zanzibar style), ABAC, and policy-as-code. It is one of the youngest and fastest-moving branches of the tree, and increasingly the control point for AI agents acting on a user's behalf.

Top picks

AuthZed (SpiceDB) · Oso · Permit.io · Cerbos · PlainID

9 vendors on this branch

AuthZed

Top pick

USA

ReBAC authorization (SpiceDB; Zanzibar-style)

OSS + cloud

View full profile

Oso

Top pick

USA

Authorization-as-a-service / library

Developer-first

View full profile

Permit.io

Top pick

Israel / USA

Full-stack authorization platform

Policy-as-code

View full profile

Cerbos

Top pick

UK

Decoupled, scalable authorization

OSS

View full profile

PlainID

Top pick

Israel / USA

Policy-based access control (PBAC)

Enterprise authorization

View full profile

SGNL

USA

Privileged authorization + CAEP

Continuous access

View full profile

Aserto / Topaz

Open source

USA

Fine-grained authorization (OPA-based)

OSS Topaz

View full profile

Styra

USA

Policy management; creators of OPA

Enterprise OPA

View full profile

WorkOS FGA (Warrant)

Acquired

USA

Fine-grained authorization

Warrant acquired by WorkOS

View full profile

Looking for deep, evaluated profiles in this category? Browse every AuthZ vendor on startwithidentity.com.