A RESTful API for Function-Based Access Control (FBAC)

What is it?

Hurima™ (or “Hubrix Rights Manager”) is a complete API for application access control. It provides:

  • A database to store permissions, roles, groups and business rules
  • A REST API to bind to an Administration UI
  • A REST API to verify, grant, revoke and audit permissions
  • Other stuff that we think is pretty great.

Why do I want it?

You may already be using an access-control system. Maybe you have, or integrated with, an existing Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) system. Maybe you developed your own.

You should only consider Hurima if you’re in one of these four situations:

  • You have no access-control feature in your application (you’re just getting started, or you have not yet added access control)
  • Existing RBAC and ABAC solutions are either too complex, or not powerful enough, for your application
  • You need your access-control solution to span across multiple applications
  • The access-control system / feature-set you have in place isn’t extensible enough for your needs.

How do I use it?

Hurima will be available 3 ways:

  1. As an open-source project on GitHub and BitBucket. You can download, install, integrate and never tell us (or pay us) anything.
  2. As a commercially-supported product, with installation packages, yum + apt repository access, AWS / Docker / Rkt images, automatic upgrades and ongoing technical support.
  3. As a cloud-hosted “virtual private API” that automatically scales with usage, while keeping your instance private, secure and encrypted.

How & When can I get it?

Hurima is currently in development. We expect to have an initial Beta release ready in September 2017. We’re in a hurry, but we don’t have a deadline. We want to ensure that Hurima is solid and reliable, even for the β release.


A feature-set, not a code library

A complete access-control feature-set in a RESTful API

You seem to need a verb?

Neither RBAC nor ABAC but FBAC: Function-Based Access Control. The Verb or Action is center stage, the way the Role is in RBAC.


Built-in Verbs, or add your own

  • Built-in Verbs: CRUDM (Create Read Update Delete Merge) + Grant + Revoke
  • API Endpoints to add your own Verbs (examples: “Replace,” “Sign,” “Shut off” etc.)

Have it your way

A high-performance access-control engine you can run locally, on a remote server, or in the Cloud

Control Yes. Latency No.

An encrypted, auto-refreshing, auto-expiring app-side cache keeps permission tests immune to Internet latency while still allowing real-time policy updates.

For DevOps of All Faiths

Agnostic architecture: works with most popular datastores (file, SQL, NoSQL), platforms and languages.
