ReBAC Explained: How GitHub Decides Who Can Touch Your Repo
Roles work until your app grows hierarchies; then you drown in role explosion and token bloat. Relationship-Based Access Control (ReBAC) instead answers 'can this user do this?' by walking a graph of relationships. This post explains ReBAC using GitHub's permission model as the main example, then covers Google Zanzibar, which manages over 2 trillion relationship tuples at 10 million queries per second.
Authorization, ReBAC, System Design
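The graph walk described above, as an added example (not code from this post, GitHub, or Zanzibar). The object names, relation names, and the two rewrite rules are assumptions chosen to resemble an org/team/repo hierarchy; the tuples are constructed sample data.

```python
from collections import defaultdict

# Constructed tuples: (object, relation, subject). A subject is either a user
# or a userset "object#relation" (everyone holding that relation on that object).
TUPLES = [
    ("org:acme", "owner", "user:alice"),
    ("team:platform", "member", "user:bob"),
    ("team:sre", "member", "user:carol"),
    ("team:platform", "member", "team:sre#member"),   # nested team
    ("repo:acme/api", "parent", "org:acme"),
    ("repo:acme/api", "writer", "team:platform#member"),
    ("repo:acme/api", "reader", "user:dave"),
]

# Assumed rewrite rules. A relation is also satisfied by a stronger one...
IMPLIED_BY = {"reader": ["writer"], "writer": ["admin"]}
# ...and repo admin is inherited from owners of the repo's parent org.
INHERITED = {("repo", "admin"): ("parent", "owner")}

def build_index(tuples):
    idx = defaultdict(set)
    for obj, rel, subj in tuples:
        idx[(obj, rel)].add(subj)
    return idx

def check(idx, obj, rel, user, seen=None):
    """True if `user` holds `rel` on `obj`, directly or through the graph."""
    seen = set() if seen is None else seen
    if (obj, rel) in seen:          # already explored: guards against cycles
        return False
    seen.add((obj, rel))
    for subj in idx.get((obj, rel), ()):
        if subj == user:            # direct tuple
            return True
        if "#" in subj:             # userset: recurse into the group
            group, group_rel = subj.split("#", 1)
            if check(idx, group, group_rel, user, seen):
                return True
    for stronger in IMPLIED_BY.get(rel, ()):
        if check(idx, obj, stronger, user, seen):
            return True
    via = INHERITED.get((obj.split(":", 1)[0], rel))
    if via:
        parent_rel, needed = via
        for parent in idx.get((obj, parent_rel), ()):
            if check(idx, parent, needed, user, seen):
                return True
    return False                    # default deny: no path found
```

No role is stored on the user: adding Carol to `team:sre` is one tuple, and her write access to the repo follows from the walk.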