Skip to main content

Google Drive Quickstart

The Google Drive scenario is an example of how to implement an authorization policy using a hierarchical, nested relationship-based access control (ReBAC) model.

The Google Drive Quickstart includes:

  • A domain model for Google Drive, including folder and doc object types, owner, editor, and viewer relationships, and can_read, can_write, can_share, and can_delete permissions.
  • A policy instance called gdrive which uses a boilerplate authorization policy called policy-rebac. This policy simply uses the underlying relationships to determine access.
  • A connection to the Citadel Demo IDP, which contains five demo users based on the Rick & Morty cartoon.
  • Sample object instances, including folders such as Rick's Home Folder and Morty's Shared Folder, and documents such as Grocery list and Rick's inventions. Rick & Morty have owner, editor, and viewer relationships to these resources, demonstrating a relationship-based (ReBAC) model.
  • A back-end API that uses the gdrive policy for authorization, implemented in several languages.
  • An interactive tutorial which helps construct curl requests to test the back-end API.

As you go through the Quickstart, you'll learn the following:

  • How to instantiate the Google Drive template.
  • How to browse the directory and examine the manifest.
  • How to evaluate policy decisions within the Aserto Evaluator.
  • How to download and run the Google Drive back-end API.
  • How to construct curl requests to the back-end in order to test out the API.


To follow this Quickstart you'll need to have an Aserto account. If you do not have one, you can create one here. Once you have created your tenant, you can continue.