Vista is a managed platform for B2B SaaS companies to easily grant/restrict user access on their platform. Seamlessly enable role-based experiences on your platform, custom roles per customer/org, and customer data security for internal tools.
Building and managing authorization is difficult, ongoing, and takes resources away from valuable developer time. Vista aims to provide an end-to-end solution, so you can focus on the product.
We provide an end-to-end solution to enable roles on your platform:
- Vista Dashboard allows you to define your roles and the Resource Types they have access to, access audit logs, and manual permissions grants
- API Client Libraries that are used to grant, check, and revoke permissions
- React components that include admin panels, as well as ability to dynamically change UI based on permissions
There are 3 main steps to building your permission system with Vista: defining your permissions blueprint, using the API to grant and check permissions, integrating our React components which dynamically change your UI based on user permissions.
Defining your permissions blueprint in the Vista Dashboard.
Using the API to grant and check permissions - the API is used to create individual users and groups, as well as grant and check permissions at run-time.
Integrating our React components - we have React components that allow your admins to grant teammates permissions, as well as dynamically change your UI based on user permissions.
See the Getting Started guide for more info.
Vista is modeled after Google Zanzibar - Google's internal authorization platform, which lets us extend the traditional RBAC model by allowing you to express permissions based on relationships between entities. Architecturally, Vista is inspired by OPA - an open source policy engine, which enables permissions checks from a sidecar container.
We help you define relationships between resources, roles, and actions to ultimately answer the question of “can user x perform action y on resource z?”
For example, if a user has read access to a folder, you probably want to enable read access to the documents contained in the folder as well. This is very difficult to manage in a traditional RBAC model, as new permissions would have to be created as every document in the folder is created. With Vista you can define
ownership queries that traverse these relationships, allowing you to define expressive permissions in a concise way.
The Vista Dashboard is used to create your permissions model by defining your Blueprint - your Resource Types, the actions that can be taken, and roles to limit what permissions can be granted. This acts as a schema for how permissions can be applied to users for specific objects.
The Vista API is then used to grant permissions, when object instances are created (resources, users, usersets), or check permissions, when your users wish to perform an action.