Overview

Fine-grained authorization (FGA) makes granular decisions about what data and features users can access within your applications.

Unlike the role-based access control (RBAC) provided by FusionAuth roles and applications, fine-grained authorization enables you to define custom permissions for specific resources. You can also implement attribute-based access control (ABAC), relationship-based access control (ReBAC), or create custom permission models tailored to your application’s requirements.

Examples

Here are examples of systems where FGA is useful:

  • Facebook Groups, where all members can post, but only the original poster or group admins can edit a post.
  • A healthcare system, where a doctor can only create, view or modify records for their patients. Patients can view their records or delegate access to a guardian. Only admins can delete a record.
  • Google Drive, where a user can be granted permissions to a single file, a folder of files, or a drive containing many folders.
  • A fintech application, where an organization can require that approvals over a certain amount be granted either by an admin or by two organization members.
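
The healthcare example above can be modelled as relationship tuples plus a deny-by-default check. The sketch below is an added illustration, not FusionAuth code or a FusionAuth API; every name in it (`TUPLES`, `GRANTS`, `check`, `revoke`, the user and record ids) is hypothetical and the data is constructed.

```python
# Added illustration: relationship tuples and a deny-by-default check for the
# healthcare example. All names and data are constructed, not a FusionAuth API.

# (subject, relation, object) tuples form the relationship graph.
TUPLES = {
    ("user:dr_lee", "treating_doctor", "patient:ana"),
    ("user:ana", "self", "patient:ana"),
    ("user:sam", "guardian", "patient:ana"),   # access delegated by ana
    ("patient:ana", "owner", "record:r1"),
    ("patient:bo", "owner", "record:r2"),
}
ADMINS = {"user:root"}  # a plain role attribute, as in RBAC

# Actions granted by each relation between a user and the record's patient.
GRANTS = {
    "treating_doctor": {"create", "view", "modify"},
    "self": {"view"},
    "guardian": {"view"},
}

def record_owner(record):
    """Return the patient that owns the record, or None if unknown."""
    for subj, rel, obj in TUPLES:
        if rel == "owner" and obj == record:
            return subj
    return None

def check(user, action, record):
    """Deny by default; allow only when a rule explicitly grants the action."""
    if action == "delete":
        return user in ADMINS  # only admins can delete a record
    patient = record_owner(record)
    if patient is None:
        return False  # unknown resource: no relationship can apply
    return any(
        action in GRANTS.get(rel, set())
        for subj, rel, obj in TUPLES
        if subj == user and obj == patient
    )

def revoke(user, relation, patient):
    """Remove a relationship, e.g. when a patient withdraws a delegation."""
    TUPLES.discard((user, relation, patient))
```

The same doctor role yields different answers for `record:r1` and `record:r2`, which is the distinction a role check alone cannot express.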