// the find
Permify/permify
An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application. — Permify is now part of FusionAuth 🎉
Permify is an authorization-as-a-service that implements Google Zanzibar-style relationship-based access control, letting you externalize your permission logic into a standalone gRPC/REST service. It supports RBAC, ReBAC, and ABAC through its own schema DSL, with multi-tenancy built in. It has now been acquired by FusionAuth, which changes the ownership calculus for anyone considering it.
The schema DSL is well thought out — you can express hierarchical permissions, polymorphic relations, and contextual attributes without writing permission logic in application code. Multi-tenancy is a first-class concept, not bolted on. The snap token mechanism (consistent reads after writes) actually solves a real distributed systems problem that most homegrown solutions ignore. Performance numbers are credible: p95 at ~59ms for permission checks under load is acceptable for a network hop.
The FusionAuth acquisition is the elephant in the room — the community edition will lag cloud by a quarter per their own table, and 'premium features' will keep moving to cloud-only. The check engine does graph traversal on relationship data stored in Postgres, so deeply nested permission graphs will hit query performance walls that are hard to debug without understanding the internals. The DSL is a custom language you have to learn and that your tooling won't understand — no IDE support beyond what they ship. Self-hosted observability dashboards are explicitly withheld from CE, which means you're flying blind in production unless you pay.
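To make the snap token point above concrete, here is an added toy model (not Permify's code, API, or storage engine) of a permission check served from a lagging read replica, with and without a token returned by the revoking write. The class, the method names, the `view = viewer or parent.viewer` rule and the sample tuples are all constructed for illustration.

```python
class RelationStore:
    """Toy relationship store: an append-only log plus a lagging read replica."""

    def __init__(self):
        self.log = []         # [(op, (object, relation, subject))]; index + 1 = revision
        self.replica_rev = 0  # highest revision the read replica has applied

    def write(self, op, obj, relation, subject):
        self.log.append((op, (obj, relation, subject)))
        return len(self.log)  # revision of this write, handed back as the snap token

    def replicate(self):
        self.replica_rev = len(self.log)

    def snapshot(self, rev):
        """Rebuild the tuple set as it stood at revision `rev`."""
        state = set()
        for op, tup in self.log[:rev]:
            if op == "add":
                state.add(tup)
            else:
                state.discard(tup)
        return state

    def can_view(self, doc, user, snap_token=0):
        """view = viewer or parent.viewer, evaluated against a single snapshot."""
        if snap_token > len(self.log):
            raise ValueError("snap token is newer than any known write")
        # A real service would wait for the replica or route to the primary;
        # the toy simply reads the log at the newer of the two revisions.
        state = self.snapshot(max(self.replica_rev, snap_token))
        if (doc, "viewer", user) in state:
            return True
        parents = [s for (o, r, s) in state if o == doc and r == "parent"]
        return any((p, "viewer", user) in state for p in parents)


def demo():
    store = RelationStore()
    store.write("add", "folder:hr", "viewer", "user:alice")
    store.write("add", "doc:salaries", "parent", "folder:hr")
    store.replicate()
    # Revoke alice's folder access; the replica has not caught up yet.
    token = store.write("delete", "folder:hr", "viewer", "user:alice")
    stale = store.can_view("doc:salaries", "user:alice")
    fresh = store.can_view("doc:salaries", "user:alice", snap_token=token)
    return stale, fresh


if __name__ == "__main__":
    print(demo())
```

The check without a token still grants access after the revocation because it reads the replica's older snapshot; passing the token from the revoking write forces evaluation at or after that write.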