Agicap is a SaaS product that allows businesses to centralize cash flow monitoring and put cashflow at the heart of their financial management. As we expanded our market reach from SMBs to mid-market enterprises, we realized we needed to provide clients with complete control over defining fine-grained authorization policies.

In the last 10 years, we've seen great progress in the world of authentication, but authorization is still challenging for most engineering teams, and we were not an exception. Authorization logic was mixed with application code and difficult to adapt to new requirements.

We decided to explore using a Relationship-Based Access Control (ReBAC) approach using OpenFGA, a CNCF sandbox project, and we were able to satisfy our requirements.

In our session, we'll explain ReBAC and OpenFGA, and describe how it was used at Agicap. We will also share insights into how Behavior-Driven Design (BDD) tools enabled our Product Managers to define authorization use cases.