In this article, we will look at how the Uber engineering team built Charter and the challenges they faced.

ByteByteGo provides tutorials, articles, and resources for learning and mastering the Go programming language, covering topics such as syntax, concurrency, and best practices. Developers can learn about Go programming fundamentals, web development with Go, and building scalable applications using Go's powerful features and standard library.

ByteByteGo

Uber built Charter, an attribute-based access control (ABAC) system to handle authorization across thousands of microservices at microsecond latency. Traditional role-based policies couldn't express complex conditions like region-matching or ownership relationships. Charter distributes policies to services, which evaluate them locally using an embedded authfx library. Conditions are written in Google's Common Expression Language (CEL) and evaluated against attributes fetched at runtime from typed attribute stores (actor, resource, action, environment). A real-world example shows how a single ABAC policy replaced thousands of individual Kafka topic policies by dynamically checking ownership data from Uber's uOwn service. Since adoption, 70 Uber services use attribute-based policies, gaining fine-grained, dynamic, and scalable authorization without code deployments.

How Uber Reinvented Access Control for Microservices

Don’t miss out: your free pass to Monster SCALE Summit is waiting! 50+ engineering talks on AI, databases, Rust, and more. (Sponsored)

Turn Search Engines Into APIs for Your App (Sponsored)

Real-World Application: Kafka Topic Management