How Redpanda built one authorization system for humans and machines

Redpanda replaced fragmented role management with a single, identity-agnostic authorization layer, giving enterprise customers and growing teams alike fine-grained control over every resource they manage.

100%
Cloud customers on fine-grained access controls

Redpanda is one of the fastest-growing streaming data platforms on the market: Kafka-compatible, trusted by enterprises across financial services, gaming, and telecommunications, and valued at $1B. As the company’s cloud offering scaled, it needed a control-plane authorization system that could handle two very different customer segments: large enterprises demanding strict access controls, and smaller teams that just need to push data and go.

AuthZed gave Redpanda a single authorization layer for its cloud, where one identity, human or service account, works consistently across the entire platform. Customers can now create, manage, and control access to their streaming infrastructure with fine-grained precision without needing a dedicated security engineering team.

We don’t differentiate. We have an identity that can be used for machines or for humans, human accounts or service accounts, and we use the same identity.

Santiago Jimenez Giraldo, Infrastructure Software Engineer, Redpanda

The challenge — outgrowing membership-level roles in a multi-cloud world

Redpanda’s cloud platform allows organizations to spin up streaming data endpoints, manage networks, configure namespaces, and control team access through a self-service experience. As the platform scaled, the control-plane authorization system couldn’t keep up.

  • No true RBAC — the previous system only supported roles at the membership level with no way to control who could create, modify, or delete specific resources within an organization
  • Two underserved customer segments — enterprise customers demanding tightly controlled permissions alongside SMBs needing authorization that works out of the box
  • Vendor lock-in risk — the existing authentication provider didn’t offer the authorization capabilities needed, and extending that dependency wasn’t an option

We previously just had roles on a membership level. There wasn’t an RBAC per se, so our need was to create an RBAC system.

Mateo Carvajal, Senior Software Engineer, Redpanda

We have customers that are very advanced, so they really want a performance solution. But we also have customers that are small to medium enterprises that want to simply push data and process it. Those are the cases where customers don’t have a very strong engineering team and they want fine-grained authorization made easy for them.

Santiago Jimenez Giraldo, Infrastructure Software Engineer, Redpanda

For enterprise customers protecting sensitive data workloads, membership-level roles were a non-starter. And the existing authentication provider couldn’t bridge the gap.

Vendor lock-in was an issue and openness was another issue. The open source part of SpiceDB was very attractive.

Santiago Jimenez Giraldo, Infrastructure Software Engineer, Redpanda

The solution — AuthZed for cloud authorization, alongside Redpanda’s data-plane controls

Redpanda’s platform has two distinct authorization surfaces. On the data hot path, producers and consumers move messages at microsecond latency. Redpanda itself is the authorization authority there, enforcing Kafka-style ACLs inside the storage engine. The cloud control plane governs who can create a cluster, spin up a serverless endpoint, manage a namespace, or invite a user to an organization. That’s where Redpanda needed a purpose-built authorization system, and it’s where AuthZed fits in.

When Redpanda evaluated authorization solutions, the team knew what mattered: a solid academic foundation, compatibility with their existing stack, open source licensing, and enough flexibility to handle both human users and automated services without treating them differently.

We are very academic in a sense. We like to do our implementation based on RFCs and papers. A paper like Zanzibar was very useful for us to find a way to implement fine-grained authorization.

Santiago Jimenez Giraldo, Infrastructure Software Engineer, Redpanda

Redpanda is a gRPC-first company that uses Go for its cloud infrastructure. AuthZed speaks the same language, which meant the integration felt natural rather than forced. And when it came to the decision, the team didn’t need much convincing.

We are a very gRPC-first company. We declare everything internally and externally using gRPC. The stack made sense for us. We also use Go for the cloud part, so that was a no-brainer.

Santiago Jimenez Giraldo, Infrastructure Software Engineer, Redpanda

There wasn’t much debate on whether or not to use AuthZed, to be honest.

Mateo Carvajal, Senior Software Engineer, Redpanda

Before writing any integration code, Redpanda used the AuthZed Playground to model and simulate their permission system, validating the approach before committing engineering resources.

We could prototype our whole system very quickly on the Playground. That was very useful.

Mateo Carvajal, Senior Software Engineer, Redpanda

Through their evaluation, Redpanda found that AuthZed delivered:

Identity-Agnostic Authorization

A unified identity model that treats human accounts and service accounts identically, with no separate authorization paths for people vs. machines.

Zanzibar-Based Permission Model

An academically rigorous, proven approach to fine-grained authorization built on the same research that powers Google’s internal systems.

Open Source Independence

Full architectural control over control-plane authorization, giving Redpanda the freedom to deploy and extend authorization on their own terms.

Developer-First Tooling

The Playground enabled the team to prototype their complete permission model before writing implementation code, significantly reducing integration risk.

The results — fine-grained control across the platform

With AuthZed in production, Redpanda has transformed how organizations interact with its streaming data platform. Control-plane authorization now covers the full lifecycle of every resource, with controls that scale from individual developers to enterprise teams.

AuthZed powers access control for every resource in Redpanda’s cloud: serverless endpoints, networks, organizations, namespaces, and groups. For each resource type, authorization governs who can create, view, use, and delete it.

Our main use case is the lifecycle of the resource. Can I create a resource? Can I use the resource? Can I delete the resource? Can I see the resource? We use SpiceDB to control the access to that specific lifecycle.

Santiago Jimenez Giraldo, Infrastructure Software Engineer, Redpanda

Redpanda’s cloud authorization layer makes no distinction between a human operator logging in through an identity provider and a service account making API calls. Both are the same kind of identity, which simplifies the permission model and reduces the surface area for misconfiguration.

We use identity providers for the authentication part. After that, we want an agnostic system that can understand our needs.

Santiago Jimenez Giraldo, Infrastructure Software Engineer, Redpanda

Enterprise customers get strict, granular access controls. Smaller teams get sensible defaults that protect their resources without requiring authorization expertise. One control-plane system handles both. And the team continues to deepen its AuthZed integration, extending fine-grained authorization into additional layers of the platform.

The angle is that in cloud, the user feels like a single user. We want to make it transparent — you have a user, and a user is for everything.

Mateo Carvajal, Senior Software Engineer, Redpanda

What Redpanda has achieved with AuthZed:

Unified identity model

Human operators and service accounts authorized through a single system

Resource-level access control

Every lifecycle action on every cloud resource governed by granular permissions

Open source independence

No vendor lock-in, with full architectural control over control-plane authorization

Enterprise and SME readiness

One system serving sophisticated enterprise requirements and simpler self-service use cases
