[emreb]

Disclaimer: I work on Cerbos [0] (an alternative to OPA based authorization systems focusing on RBAC/ABAC) to deliver enterprise-grade access management for any application.

There is another alternative approach to policy-as-code: policy-as-configuration. At Cerbos we believe that for most use cases, using a full programming language is too much work and creates problems such as being hard to comprehend and work with (because it's a completely different language with its own idiosyncrasies) and being too open-ended (thus making it easy to write lots of very complicated code with surprising side effects and performance issues). The rules for your authorization policies can be human readable for those developers who cannot spend lots of time learning a whole new programming language, and is independent of any particular language, architecture or tech stack.

We’ve built and open sourced Cerbos trying to make the deployment and management of an authorization service as simple as possible while configuration rules as flexible as possible. While doing so, we also achieved response times that are faster than OPA.

[0] https://cerbos.dev