Market map / Authorization & policy
Topaz (Aserto)
Open-source authorizer pairing OPA policy with a Zanzibar-style relationship store, plus a commercial control plane.
- Category
- Open-source authorization (RBAC/ABAC/ReBAC)
- Lane
- Authorization & policy
- Ownership
- Private (Aserto); Topaz is open source
Summary
Topaz is an open-source authorization engine that combines Open Policy Agent policies with a Zanzibar-style relationship directory, supporting RBAC, ABAC, and ReBAC. Built by Aserto, which adds a commercial control plane for managing policies and data across services; the project's emphasis has shifted toward the open-source Topaz.
Best for
Teams wanting OPA-based policy plus a relationship store, self-hosted via Topaz.
Consider if
You want a single managed SaaS with no self-hosted component.
Strengths
- Combines OPA policy with relationship data
- Open source (Topaz)
- RBAC/ABAC/ReBAC in one engine
Considerations
- Branding consolidating around Topaz
- Smaller commercial footprint than larger vendors