Open Source Alternatives LogoOpen Source Alternatives
AlternativesBlogAdvertise
Open Source Alternatives LogoOpen Source Alternatives

Stay Updated

Subscribe to our newsletter for the latest news and updates about Alternatives

Open Source Alternatives LogoOpen Source Alternatives

Handpicked Open Source Alternatives to Paid Softwares

Product
  • Search
  • Categories
  • Tag
  • Sign In
Resources
  • Blog
  • Collection
  • Submit
  • Advertise your tool
Company
  • Privacy Policy
  • Terms of Service
  • Refund Policy
  • Sitemap
Copyright © 2026 All Rights Reserved.
Home/Categories/Security & Monitoring/Warrant
icon of Warrant

Warrant

Open source alternative to Permit.io, Cerbos and Auth0

Secure authorization with an open source service for RBAC, ABAC, and ReBAC checks across SaaS apps, internal tools, and shared APIs.

1.3K starsGoApache-2.0Updated this year
Visit websiteGitHub repo
image of Warrant
Contents
  1. 01Who Warrant is for
  2. 02The problem it solves
  3. 03How it solves it
  4. 04Strengths and trade-offs
  5. 05Install and self-host
  6. 06Tech stack
  7. 07FAQ
  8. 08Similar open-source tools
TL;DR

Warrant is an Apache-2.0 fine-grained authorization service inspired by Google Zanzibar. It helps teams self-host RBAC, ABAC, and ReBAC checks, centralize permission rules, and audit access across apps and internal tools.Apache-2.0 · Go · 1.3K stars · Updated this year

who it's for

Who Warrant is for#

SaaS teams managing tenant roles and entitlements

Warrant fits products that need organization-level roles, feature access by plan, and resource-level sharing in one authorization model.

Skip if:

You only need a few hardcoded roles inside a single application.

Internal tools that need auditable access control

Centralizing checks helps teams control who can view or change sensitive operational data across admin panels, scripts, and support tooling.

Skip if:

Your internal tools can rely on a simple network boundary or manual approvals.

Teams evaluating self-hosted Zanzibar-style auth

The project is useful when developers want to test or extend a relationship-based authorization service before buying or standardizing on a managed platform.

Skip if:

You need a fully managed service with high-scale guarantees out of the box.

the problem

The problem it solves#

Authorization logic becomes hard to trust when roles, entitlements, and object permissions are implemented separately in each service. Teams end up debugging inconsistent rules, duplicating audit logic, and shipping brittle access checks.

A centralized authorization service reduces that drift. Warrant gives developers one place to model access rules, evaluate checks, and audit permission changes while still supporting tenant-specific and resource-level policies.

how Warrant solves it

How it solves it#

Centralized authorization APIs

Warrant exposes HTTP APIs for defining roles, permissions, features, tenants, users, and access rules from application code or operational tooling.

Multiple access models in one engine

The service is built around a Zanzibar-style relationship model that can represent RBAC, ABAC, and ReBAC without splitting authorization logic across separate systems.

Self-hosted deployment paths

The open source project documents local source builds and container-based deployment options, with MySQL, PostgreSQL, and SQLite support.

strengths · trade-offs

Strengths and trade-offs#

Strengths

  • Fits teams that need deployment controlSelf-hosting lets security-conscious teams keep authorization data, configuration, and upgrade timing inside their own infrastructure.
  • Covers common SaaS authorization patternsThe project is aimed at tenant roles, entitlements, object-level sharing, and auditable access checks instead of a narrow single-use policy flow.

Trade-offs

  • -Open source edition has throughput limitsThe README states the open source version is best for POCs, development or test environments, and lower-throughput workloads.
  • -Requires operating another serviceTeams must provision a datastore, manage configuration, and run the authorization service instead of delegating that operational work to a hosted vendor.
install · self-host

Install and self-host#

bash
Self-host Warrant locally from source:

```bash
git clone https://github.com/warrant-dev/warrant.git
cd warrant/cmd/warrant
make dev
./bin/warrant
```

For container-based setups, the repo also includes Docker deployment examples for MySQL and PostgreSQL.
tech stack · detected from GitHub

What it's built on#

Languages
Go
frequently asked

FAQ#

What is Warrant?

Warrant is an open source fine-grained authorization service for defining, checking, and auditing application access rules.

How do you self-host Warrant?

The project docs describe local builds from source plus deployment examples for Docker-based setups with MySQL or PostgreSQL.

When is Warrant a better fit than hosted authorization tools?

Warrant is a better fit when your team wants source access and self-hosting control. Hosted tools reduce operational work and may be a better choice for very high-throughput or fully managed requirements.

also worth a look

Similar open-source tools#

Oso Cloud

Oso Cloud

Open source authorization with RBAC, ABAC, and ReBAC for any app

3.5KRustApache-2.0
Logto

Logto

Multi-tenant auth platform with SSO, RBAC, and social login

12.1KTypeScriptMPL-2.0
ZITADEL

ZITADEL

Open source identity platform with SSO, RBAC, and multi-tenancy

14KGoAGPL-3.0
Better Auth

Better Auth

Drop-in TypeScript auth with MFA, SSO, and multi-tenancy support

28.7KTypeScriptMIT
Cerbos

Cerbos

Move access control out of app code into testable YAML policies

4.5KGoApache-2.0
iptv

iptv

A collaborative database for TV channels

131.3KTypeScriptUnlicense

Repository

Stars
1.3K
Forks
52
License
Apache-2.0
Latest
v1.15.1
Last commit
222 days ago
Last verified
Jun 12, 2026
Repo
warrant-dev/warrant ↗

Additional details

Language
Go
Open issues
24
Contributors
5
First release
2023

Categories

Security & MonitoringAPIs & IntegrationDeveloper Tools

Tags

AuthorizationAPI InfrastructureDeveloper ToolsAPI Development ToolsSecurityAuthenticationBaaS