Engineering

09 April 2019

Layering authorization into a web application

How we introduced granular authorization into our application and API. Illustration by Camellia Neri Last year, my team extended Gusto’s authorization system to give admins granular access to their companies’ accounts. In software security terms, authorization is

Flora Jin

1 / 1

Engineering ( 38 )

Diversity Inclusion ( 11 )

Collaboration ( 11 )

Software Development ( 11 )

Programming ( 10 )

Best Practice ( 9 )

Gusto ( 8 )

Advice ( 8 )

Ruby On Rails ( 8 )

Security ( 7 )

Interviews ( 5 )

Career growth ( 5 )

Teamwork ( 4 )

Tech Lead ( 4 )

Sidekiq ( 4 )

Coding ( 4 )

Teams ( 3 )

Product Management ( 3 )

Startups ( 3 )

Guide ( 3 )

Ruby ( 3 )

Tidying ( 3 )

Refactoring ( 3 )

Monolith ( 3 )

Spaghetti Code ( 3 )

Experiment ( 3 )

Decision ( 3 )

React ( 2 )

Javascript ( 2 )

PM ( 2 )

Job Hunt ( 2 )

Database ( 2 )

Engineering Management ( 2 )

Incident Response ( 2 )

Authorization ( 2 )

Modular Monolith ( 2 )

Rails Engines ( 2 )

Startup Lessons ( 2 )

Big Data ( 2 )

Getting Started ( 2 )

Data Engineering ( 2 )

Data Lake ( 2 )

Pull Request ( 2 )

Code Review ( 2 )

Integrations ( 2 )

Api ( 2 )

Outcomes ( 2 )

MVP ( 2 )

CI/CD ( 2 )

PII ( 2 )

Testing ( 2 )

growth ( 2 )

Technical Strategy ( 2 )

Backbone ( 1 )

Webpack ( 1 )

Immutable ( 1 )

Cto ( 1 )

Migration ( 1 )

Double Write ( 1 )

Single Read ( 1 )

Models ( 1 )

Double Read ( 1 )

Single Write ( 1 )

Zero Downtime ( 1 )

Management ( 1 )

Individual Contributor ( 1 )

Redis ( 1 )

Poison Pill ( 1 )

Women ( 1 )

SSO ( 1 )

OAuth ( 1 )

OpenID Connect ( 1 )

Flexible Pay ( 1 )

Blocks ( 1 )

Closures ( 1 )

Partnerships ( 1 )

Xero ( 1 )

New York City ( 1 )

Organizational Design ( 1 )

Legislation ( 1 )

1 post

|