Bailiff uses a relationship-based model (ReBAC) to handle everything from simple roles to complex, nested hierarchies.
Everything in Bailiff is based on relationships. A user has a role on a resource. A document is parent_of another document.
This simple subject-verb-object triplet allows you to model any permission structure you can imagine, without changing your database schema.
Group users into teams and assign permissions to the group. Everyone inside inherits the access.
Roles are just sets of permissions. You can change what an "Admin" can do in the Bailiff dashboard, and it updates instantly across your entire app.
Stop hard-coding plan limits. Create a feature flag for advanced_analytics and grant it to the "Pro Plan" group.
Check flags just like permissions: check(user, 'view', 'feature:analytics').
Need recursive permissions? Bailiff handles folder structures natively.
Grant access to a root folder, and Bailiff propagates it down to every subfolder and file, even if the tree is deep.
Bailiff checks are stateless and fast. We handle the complex graph traversal so your database doesn't have to.
Designed for low latency at the edge, so you can use it in middleware or API guards.
Join the waitlist and be among the first to get enterprise-grade authorization without the enterprise bill.