Question 1

How do I write a custom authorization policy for Topaz?

Accepted Answer

Topaz uses OPA policies written in Rego. You can define policies in Rego files, build them into OCI images, and reference them in the configuration YAML. Check the policy-todo template source code for an example.

Question 2

Topaz vs standalone OPA – which should I use?

Accepted Answer

Topaz builds on OPA by adding a built-in directory for data modeling and management tools, making it more turnkey for relationship-based authorization. Standalone OPA offers more flexibility but requires you to handle data storage and integration separately.

Question 3

Can Topaz work with external identity providers like Azure AD?

Accepted Answer

Yes, Topaz can integrate by importing user data into its directory or using OPA's external data features, but it requires custom configuration and might not have out-of-the-box connectors.

Question 4

Is Topaz good for high-traffic microservices architectures?

Accepted Answer

Topaz is designed for scalability and low latency as a sidecar, making it suitable for high-traffic environments. However, performance depends on policy complexity and infrastructure tuning.

Question 5

How to monitor Topaz authorization logs in production?

Accepted Answer

Topaz logs every decision by default, and you can integrate logs with external monitoring tools via its APIs or use the embedded database for audit trails, as mentioned in the comprehensive logging feature.

Question 6

Does Topaz support attribute-based access control (ABAC)?

Accepted Answer

Yes, Topaz supports ABAC by allowing policies to evaluate user attributes, resource properties, and environmental factors through OPA's capabilities, enabling fine-grained dynamic decisions.

Topaz

What is Topaz?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions