[etxm]

I use OPA with terraform and kubernetes, but I’m looking for something for application ACLs, where I as a resource owner can assign permissions to arbitrary subjects for a resource.

Does OPA support that? If so that would be very very cool.

[andyroid]

Certainly! Application and microservice authorization is probably one of the more common use cases for OPA, and there's definitely benefits in having a unified policy engine in an organization or company.

[etxm]

I have only found RBAC and ABAC docs and tutorials for OPA, do you happen to know of a good source of docs for ACLs like, User A gives User B edit rights on Resource C?

Update: I swear I’ve looked through the docs 20 times and I’ve never seen this use case, but of course after writing this comment I go back and immediately find what may work :-)

https://www.openpolicyagent.org/docs/latest/comparison-to-ot...

[rad_gruchalski]

I think Ory Keto would be a better choice because it's easier to manage individual resources on an ad-hoc basis.