GrantPerms: A Complete Guide to Permission Management

Getting Started with GrantPerms: Setup and Configuration

What is GrantPerms?

GrantPerms is a permissions-management solution designed to simplify access control for applications and teams. It provides role- and attribute-based controls, an audit trail for changes, and tools to manage permissions at scale.

Prerequisites

  • A running application or environment where permissions will be enforced.
  • Admin access to the environment and any identity providers (IdPs) you plan to integrate.
  • Basic knowledge of roles, users, and common access-control concepts.

Step 1 — Install and Provision

  1. Choose deployment mode: cloud-hosted or self-hosted.
  2. Provision resources: For self-hosted, allocate a server with recommended specs (e.g., 2 vCPU, 4 GB RAM for small teams).
  3. Install: Use the provided installer or Docker image:

```bash
docker pull grantperms/grantperms:latest
docker run -d --name grantperms -p 8080:8080 grantperms/grantperms:latest
```

Step 2 — Initial Configuration

  1. Access the web console: Open http://localhost:8080 and complete the setup wizard.
  2. Create the first admin account: Provide a secure password and enable MFA if available.
  3. Set system-wide policies: Define default deny/allow stance and session timeout values.

Step 3 — Connect Identity Providers

  1. Supported IdPs: SAML, OIDC, LDAP.
  2. Add an IdP: In the console, go to Integrations → Identity Providers → Add.
  3. Map attributes: Map IdP attributes (email, groups) to GrantPerms user fields.

Step 4 — Define Roles and Permissions

  1. Create roles: Examples — Viewer, Editor, Admin.
  2. Assign permissions: Attach granular actions (read, write, delete) to roles.
  3. Use inheritance: Let higher-level roles inherit lower-role permissions to reduce duplication.

Step 5 — Create Resources and Scopes

  1. Register resources: Define resources (projects, datasets, services) and their identifiers.
  2. Define scopes: Create scopes like project:read or dataset:write to be used in policies.

Step 6 — Write and Apply Policies

  1. Policy types: Role-based, attribute-based (ABAC), and time-bound policies.
  2. Example ABAC policy: Allow access when user.department == resource.department and request.time within business hours.
  3. Test policies: Use the policy simulator in the console to verify expected outcomes before enforcement.
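To make the policy model of Steps 4 to 6 concrete, here is an added Python evaluator (example code, not GrantPerms' own policy engine or API) that resolves inherited role scopes and applies the example ABAC rule with a default-deny stance; the role definitions, the 09:00 to 17:00 business-hours window and the sample users are constructed for this example.

```python
from datetime import datetime, time

# Constructed role model using the page's example roles: each role lists the
# scopes it grants directly and the roles it inherits from (Step 4).
ROLES = {
    "Viewer": {"scopes": {"project:read", "dataset:read"}, "inherits": []},
    "Editor": {"scopes": {"project:write", "dataset:write"}, "inherits": ["Viewer"]},
    "Admin":  {"scopes": {"project:delete", "dataset:delete"}, "inherits": ["Editor"]},
}
# Assumed definition of "business hours" for the ABAC rule (Step 6).
BUSINESS_HOURS = (time(9, 0), time(17, 0))

def effective_scopes(role, seen=None):
    """Resolve a role's scopes including inherited ones (cycle-safe)."""
    seen = set() if seen is None else seen
    if role in seen or role not in ROLES:
        return set()
    seen.add(role)
    scopes = set(ROLES[role]["scopes"])
    for parent in ROLES[role]["inherits"]:
        scopes |= effective_scopes(parent, seen)
    return scopes

def abac_allows(user, resource, request_time):
    """The page's example ABAC rule: same department and within business hours."""
    same_dept = user.get("department") == resource.get("department")
    in_hours = BUSINESS_HOURS[0] <= request_time.time() < BUSINESS_HOURS[1]
    return same_dept and in_hours

def decide(user, resource, scope, request_time):
    """Default-deny: the user's roles must grant the scope AND the ABAC rule must hold."""
    granted = set()
    for role in user.get("roles", []):
        granted |= effective_scopes(role)
    if scope not in granted:
        return False
    return abac_allows(user, resource, request_time)

def simulate(cases):
    """Stand-in for the console's policy simulator: (name, expected, actual) per case."""
    return [(name, expected, decide(*args)) for name, expected, args in cases]

if __name__ == "__main__":
    alice = {"roles": ["Editor"], "department": "research"}       # constructed user
    dataset = {"id": "dataset-42", "department": "research"}      # constructed resource
    at_10 = datetime(2024, 1, 15, 10, 0)
    for row in simulate([("inherited read", True, (alice, dataset, "dataset:read", at_10)),
                         ("admin-only delete", False, (alice, dataset, "dataset:delete", at_10))]):
        print(row)
```

Run the cases you expect to allow and deny through simulate() before enabling enforcement, the same way you would use the console's simulator.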

Step 7 — Assign Users and Groups

  1. Sync groups from IdP or create local groups.
  2. Assign roles to users/groups at the appropriate scope (global, project-level).
  3. Use least privilege: Start with minimal access and expand as needed.

Step 8 — Audit Logging and Monitoring

  1. Enable audit logs: Capture changes to roles, policies, and assignments.
  2. Integrate with SIEM: Forward logs to your SIEM or log management system (e.g., Splunk, ELK).
  3. Set alerts: Notify on suspicious changes like privilege escalations.

Step 9 — Backup and High Availability

  1. Backup configuration: Regularly export policies, roles, and mappings.
  2. High availability: Use clustering or load-balanced instances for production.

Troubleshooting Tips

  • Users not mapped: Verify IdP attribute mappings and claims.
  • Policy conflicts: Use the policy simulator to identify overlapping rules.
  • Performance issues: Increase resources or enable caching for large deployments.

Security Best Practices

  • Enable MFA for admin accounts.
  • Rotate admin credentials and API keys regularly.
  • Enforce least privilege and review role assignments quarterly.
  • Audit and monitor all permission changes.

Next Steps

  • Import existing ACLs or RBAC configurations to migrate quickly.
  • Automate provisioning with the GrantPerms API and CI/CD pipelines.
  • Train your team on role-design and policy-writing patterns.

This guide gives a practical setup path; adapt specifics to your environment and scale.
