Frequently Asked Questions
What can I use Warrant for?
You can use Warrant to quickly implement and enforce an access control model for your application. Set up and enforce commonly used schemes such as Role Based Access Control (RBAC) or Attribute Based Access Control (ABAC) or roll your own custom scheme. Everything is managed via API and dashboard.
Who should use Warrant?
Warrant is built for developers and product teams (technical and non-technical) looking to quickly add and manage authorization and access control in their web or mobile applications.
When and where should I use Warrant?
Warrant can be used to add authorization to any web or mobile app back-end and front-end.
Does Warrant support role-based or attribute-based access control?
Yes, Warrant allows you to define permissions, users and roles via API or dashboard in order to implement RBAC or ABAC. For more info, check out our RBAC Quickstart.
Does Warrant support fine-grained authorization?
Yes. Warrant supports both coarse-grained (ex. role based access control) and fine-grained (data-specific) authorization schemes. As an example, a coarse-grained check might be "can this user edit reports?" whereas a fine-grained check might be "can [user:x] edit [report:45]"?
What is a 'warrant'?
Simply put, a warrant is an access control rule or policy. More info here.
Can I implement authentication for my application through Warrant?
No, Warrant only manages authorization and access control. We recommend that you use a separate authentication provider or implement your own authentication.
Can't I just implement authorization and access control myself?
You can. However, we've found that it's non-trivial to implement and usually takes longer than anticipated. Warrant also employs best practices for authorization and access control, giving you more time to focus on your core product.
How secure is Warrant?
As an authorization and access control service, security and data privacy are top of mind for us. Warrant does not need any of your users' personally identifiable information (PII) to work. In addition, all of your authorization and access control rules are only accessible by you via your unique and private API key.