Skip to content

Authorization

Overview

Authentication verifies who you are, while authorization determines what you can do.

Authorization can only be enabled if Authentication is enabled. Please check the Authentication Docs for more information.

Lakekeeper currently supports the following Authorizers:

  • AllowAll: A simple authorizer that allows all requests. This is mainly intended for development and testing purposes.
  • OpenFGA: A fine-grained authorization system based on the CNCF project OpenFGA. OpenFGA requires an additional OpenFGA service to be deployed (this is included in our self-contained examples and our helm charts). See the Authorization with OpenFGA guide for details.
  • Cedar: An enterprise-grade policy-based authorization system based on Cedar. The Cedar authorizer is built into Lakekeeper and requires no additional external services. See the Authorization with Cedar guide for details.
  • Custom: Lakekeeper supports custom authorizers via the Authorizer trait.

Check the Authorization Configuration for setup details.