Styra Run allows end users to control their own account and access permissions

Styra announced Styra Run, a new application authorization service for developers, built on Open Policy Agent.

This new OPA-based authorization service provides enterprise-grade authorization to developers via a simple drop-in API, allowing teams to accelerate time to market, remove ongoing maintenance demands and improve end user experience.

Styra Run, using OPA, is a cloud-hosted application authorization service to completely decouple policy logic and data from the underlying application. This turnkey service frees software developers from the complex, time-consuming tasks of building, maintaining and operating their own authorization capabilities, collaboration features and permissions for each of their applications.

Styra Run features:

• Seamless integration into the application UI, API, and data layer
• Offloaded storage and global replication of end-user permissions data
• Pre-built OPA logic for application authorization use cases like adding sharing capabilities for consumer apps or team-based controls for enterprise apps

“Styra Run revolutionizes the way that app developers think about and implement authorization for end-users,” said Tim Hinrichs, co-founder and CTO of Styra “Every app on the planet has permissions, access control, sharing or other authorization built in. But by eliminating the need to constantly recreate authorization in each application, Styra Run improves time to market and quality, and provides better features than teams would build themselves. Similar to how ‘Sign in with Google’ eliminated the need for local user identity and passwords, Styra Run eliminates the need for custom built-per-app permission systems, so app developers and product teams can focus on better features and end-user experience.”

Styra Run is hosted, managed and maintained by Styra and is developed by OPA’s creators. OPA is the de facto standard for authorization in the cloud-native environment with over 130M downloads to date, and is used by global organizations such as Goldman Sachs, Atlassian and Pinterest.

The current state of SaaS authorization

Before Styra Run, access control functionality — such as defining who can edit a document, see photos or create new users within an application — had to be implemented differently for every application, based on the application’s particular coding language and database type.

Authorization controls are considered a tier-0 service and thus require high availability, very low latency, global replication and strict consistency guarantees. Building a solution that meets these demands typically requires 6-18 months of work by a team of specialists. Once built, the authorization system must be maintained, upgraded and patched throughout the entire application lifecycle.

Styra Run eliminates the need for custom authorization deployment

Styra Run provides customers an enterprise-grade authorization service, available via simple drop-in APIs, for companies who build and manage SaaS applications. This service allows end users to control their own account and access permissions, and as such is equally valuable in both consumer and business applications.

With Styra Run, organizations can:

• Speed up time-to-production with a turnkey approach to authorization system development
• Avoid re-building authorization as SaaS application requirements change
• Remove the operational burden of replicating permissions data across the world
• Implement immediate permission updating and access for near-zero latency across all users

“We heard firsthand from the OPA community and Styra customers that users needed a faster and better way to implement authorization for multi-tenant SaaS apps – both B2B and B2C,” said Torin Sandall, VP of Open Source at Styra. “OPA already solves the policy logic problem, but the community still needed a way to manage the contextual data that’s required for access decisions — like which roles, groups and permissions should be available to end users. We worked with the OPA community to combine hosted OPA logic, with contextual data management, to give developers a turnkey access control and authorization service that provides immediate, global policy across all their end users.”

Styra Run is currently available in private Beta.