Authorization Engine

Z*
Authorization that scales

Fine-grained permissions with sub-millisecond latency. RBAC, ABAC, and policy-based access control for modern applications.

Sub-millisecond policy evaluation

RBAC, ABAC, and ReBAC support

Edge-ready global deployment

policy-check.ts

// Check if user can edit document
const allowed = await zstar.check({
  subject: user.id,
  action: "edit",
  resource: `document:${doc.id}`,
  context: {
    tenant: org.id,
    role: user.role,
  }
});

if (allowed) {
  // Proceed with edit
}

Built for real-world authorization

From simple role checks to complex policy decisions, Z* handles it all.

Multi-tenant SaaS

Isolate customer data with tenant-aware policies. Each organization sees only their resources.

Role hierarchies

Complex RBAC with inheritance. Admins inherit editor permissions automatically.

Feature flags

Permission-based feature access. Gate features by plan, role, or custom attributes.

API authorization

Protect endpoints with fine-grained rules. Scope API keys to specific resources.

Performance at any scale

Built for speed. Deployed at the edge. Ready for millions of decisions per second.

< 0ms

Average decision latency

0M+

Policy evaluations/sec

0.99%

Uptime SLA

Edge

Global deployment

Developer-first integration

SDKs for every major language. Type-safe policies. Hot-reload without restarts.

SDKs for Node, Go, Python, and Rust

Type-safe policy definitions

Hot-reload policies without restart

Built-in testing and debugging tools

policy.yaml

# Define roles with inheritance
roles:
  admin:
    inherits: [editor]
    permissions:
      - documents:delete
      - users:manage

  editor:
    inherits: [viewer]
    permissions:
      - documents:edit
      - documents:create

  viewer:
    permissions:
      - documents:read

Ready to implement authorization that scales?

Start with Z* today. Standalone or as part of Authaz.

Z*Authorization that scales