Vista is a managed platform for B2B SaaS companies to easily grant/restrict user access on their platform. Seamlessly enable role-based experiences on your platform, custom roles per customer/org, and customer data security for internal tools.
Building and managing authorization is difficult, ongoing work that takes up valuable developer time. Vista aims to provide an end-to-end solution, so you can focus on the product.
We provide an end-to-end solution to enable roles on your platform:
- Vista Dashboard allows you to define your roles and the Resource Types they have access to, as well as access audit logs
- API Client Libraries that are used to grant, check, and revoke permissions
- React components that include admin panels, as well as the ability to dynamically change the UI based on permissions
There are 3 main steps to building your permission system with Vista:
- Defining your permissions blueprint in the Vista Dashboard.
- Using the API to grant and check permissions: the API is used to create individual users and groups, as well as grant and check permissions at run-time.
- Integrating our React components: we have React components that allow your admins to grant teammates permissions, as well as dynamically change your UI based on user permissions.
See the Getting Started guide for more info.
Vista is modeled after Google Zanzibar, Google's internal authorization platform, and takes the approach of relationship-based access control (ReBAC). This approach lets us extend the traditional RBAC model by allowing you to express permissions based on entity relationships, which keeps permissions both expressive and concise.
We help you define relationships between resources, roles, and actions to ultimately answer the question of “can user x perform action y on resource z?”
For example, if a user has read access to a folder, you probably want to enable read access to the documents contained in the folder as well. This is very difficult to manage in a traditional RBAC model, because new permissions would have to be created every time a document is created in the folder. With Vista you can define rules that traverse these relationships, allowing you to define expressive permissions in a concise way.
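The folder and document case above, worked as an added example in plain JavaScript. It is not Vista's API or blueprint format: the tuple layout, the `blueprint` rule shape, the `check` function, and all sample users and resources are assumptions constructed for illustration.

```javascript
// Constructed relationship tuples: [object, relation, subject].
// A subject is a user ("user:alice") or a userset ("group:eng#member").
const tuples = [
  ["folder:reports", "viewer", "group:eng#member"],
  ["group:eng", "member", "user:alice"],
  ["document:q3", "parent", "folder:reports"],
  ["document:q3", "editor", "user:bob"],
  ["folder:reports", "parent", "folder:reports"], // malformed self-parent, must not loop
];

// Hypothetical rule shape: how a relation on a resource type can be derived.
//   implies:  holding another relation on the same object grants this one
//   inherits: holding this relation on a linked object grants it here
const blueprint = {
  document: { viewer: { implies: ["editor"], inherits: ["parent"] } },
  folder: { viewer: { implies: [], inherits: ["parent"] } },
};

// Answers "can `user` hold `relation` on `object`?" by walking the tuples.
function check(user, relation, object, store = tuples, seen = new Set()) {
  const key = `${object}#${relation}`;
  if (seen.has(key)) return false; // cycle guard: node already explored
  seen.add(key);

  for (const [obj, rel, subject] of store) {
    if (obj !== object || rel !== relation) continue;
    if (subject === user) return true; // direct grant
    const [group, groupRel] = subject.split("#"); // grant to a userset
    if (groupRel && check(user, groupRel, group, store, seen)) return true;
  }

  const rule = (blueprint[object.split(":")[0]] || {})[relation];
  if (!rule) return false; // default deny: no rule means no derived access
  for (const other of rule.implies) {
    if (check(user, other, object, store, seen)) return true;
  }
  for (const link of rule.inherits) {
    for (const [obj, rel, target] of store) {
      if (obj === object && rel === link &&
          check(user, relation, target, store, seen)) return true;
    }
  }
  return false;
}
```

No tuple names `user:alice` on `document:q3`; her access exists only through the group and folder relationships, so removing the single group membership tuple revokes it everywhere at once.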
The Vista Dashboard is used to create your permissions model by defining your Blueprint - your Resource Types, the actions that can be taken, and roles to limit what permissions can be granted. This acts as a schema for how permissions can be applied to users for specific objects.
The Vista API is then used to grant permissions when object instances (resources, users, usersets) are created, or to check permissions when your users wish to perform an action.