[shimont]

congrats on the launch.. What is the added value in using Permit as oppose to just implementing ABAC on top of OPA by myself? if I implement it using Rego policies they will be in Git and managed in a GitOps way with tracking changes etc.. Ofc I understand that you aim for the permissions to be as easy as for a monkey.. Do you offer a way of auditing and tracking who made changes to permissions?

[orweis]

Thank you for the congrats and the good question. First of all building on your own, is a valid option- each application is a snowflake you should find what's best for you. That said, just like with cryptography, and authentication, it can be risky to roll your own. If you decide to roll on your own with OPA - I'd also recommend sticking to best practices [Gitops is just one] (checkout this talk I gave on OWASP- https://youtu.be/1_Iz0tRQCH4) , and also finding a solution for managing the authorization layer (e.g. https://opal.ac)

To this point specifically- "Do you offer a way of auditing and tracking who made changes to permissions" - Yes, check out Permit's audit-log interface

In general on top of the interfaces you get with OSS like OPA and OPAL, there are a lot more interfaces to build (e.g. audit logs, user mgmt, policy editing, approval flows, etc.) and none of them are unique to any application.