Having wasted a couple of engineers' time a year on building and managing permissioning systems, the challenge and complexity really rings true.
This is especially painful in B2B businesses where your customers have their own set of requirements and access controls (this department can do X, but these 3 people also have access to these other 2 departments, etc.). The hidden cost of supporting this plus the audit overhead really stacks up [1].
Not being one for building the same system over and over, we are now working on an open-source, self-hosted access control service - https://cerbos.dev
[1] https://cerbos.dev/blog/the-hidden-costs-of-user-authorizati...