Skip to main content
Version: 2.0.0

Loading Custom Data

There are multiple ways you can load data into Permit, and we will cover all of them below.

Via a user in the UI

When navigating to the user interface, you have the option to edit the user attributes for each unique user. These attributes are then sent to the Permit backend and stored by with the user record in our database.

As you perform a permit.check() for any individual user to check his access, these attributes are dynamically loaded into the function and the enforcement is evaluated based on the policy and the user attributes.

Via the permit.check() function

As a permit.check() is called, it checks and verifies the actions a user might have on a particular resource. The three parameters you need to pass into the function are the unique user id, action and resource. As part of the function, rather than passing in the user id and resource, you can pass in a whole object that will contain the user or resource attributes.

These attributes are evaluated on each enforcement check. This also gives you the flexibility to pass in dynamic / just-in-time attributes and evaluate these against the policies.

Here is an example of the code:

const permitted = await permit.check(
    {
        key: "john@smith.com",
        attributes: {
            location: "England",
            department: "Engineering",
        },
    },
    "read",
    {
        type: "file",
        attributes: {
            isPaying: "true",
        },
    }
);

Via the API

Permit provides an elegantly crafted API editor designed to streamline the structuring of your policies, facilitate seamless audits, and effectively manage team members, among other functions. Notably, the entire no-code user interface operates on a fully API-driven backbone, allowing for the seamless automation of any action within the system.

note

You can find the whole redoc referencing all the API functionality here.

In general, you can define attributes for individual users, or individual resources. You can follow the API call to define user attributes and resource attributes.

Via OPAL

With the new Scope Config API, you can set your own data sources when setting up your GitOps policy. This means you can easily mix the simplicity of Permit.io with OPAL's ability to be tailored to your needs.

To make changes to the OPAL Scope, use the OPAL Scope API. You'll just need to include the project and environment IDs in the API endpoint URL - don't worry, our guide can show you where to find them.

Out of the box, Permit automatically pulls in details about users, roles, and more from its cloud database to OPA, setting a solid foundation for your policy.
With this API, you can add even more data sources to build a policy that's just right for you.
You can see the data structure we currently use by checking it the OpenAPI and the example here. Notice that this API is in EAP stage might be subject to changes !

A full guide on how to use the Scope Config API and integrate external data sources can be found here.

Contents