Why SpiceDB?

Correctness Verifiable Correctness

The data used to calculate permissions have the most critical correctness requirements in the entirety a software system.

Despite that, developers continue to build their own ad-hoc solutions coupled to the internal code of each new project. By developing a SpiceDB schema, you can iterate far more quickly and exhaustively test designs before altering any application code. This becomes especially important as you introduce backwards-compatible changes to the schema and want to ensure that the system remains secure.

Flexibility Optimal Flexibility

The SpiceDB schema langauge is built on top of the concept of a graph of relationships between objects.

This ReBAC design is capable of efficiently supporting all popular access control models (such as RBAC and ABAC) and custom models that contain hybrid behavior.
Modern solutions to developing permission systems all have a similar goal: to decouple policy from the application. Using a dedicated database like SpiceDB not only accomplishes this, but takes this idea a step further by also decoupling the data that policies operate on. SpiceDB is designed to share a single unified view of permissions across as many applications as your organization has. This has strategy has become an industry best-practice and is being used to great success at companies large (Google, GitHub, Airbnb) and small (Carta, Authzed).
APIs

Dedicated APIs for checking individual permissions, listing all access, and ACL filtering.

Zanzibar

An architecture faithful to the Google Zanzibar paper, including resistence to the New Enemy Problem.

Schema Language

An intuitive and expressive schema language complete with a playground dev environment.

Distributed

A powerful graph engine that supports distributed, parallel evaluation.

Storage Compatibility

Pluggable storage that supports in-memory, PostgreSQL, and CockroachDB.

Observable

Deep observability with Prometheus metrics, structured logging, and distributed tracing.

Don't want to set up or manage SpiceDB?

Use Authzed for a managed permissions database.

Contact Sales