Introduction

The Three Tiers of Webiny's Security Layer

Webiny’s security layer divided into three tiers. The higher the tier, the more features are available.

All Webiny project start with the Open Source tier. The tier is free to use, but is limited when it comes to defining fine-grained permissions, allowing only the No Access and Full Access to be selected when defining permissions for individual Webiny apps.

Trying to select Custom Access will result in an alert message being shown, informing the user that the feature is only available with the Advanced Access Control Layer (AACL), which is available on the Business and Enterprise tiers.

Selecting Custom Access Level on Open Source Tier

(click to enlarge)

To upgrade to Business tier, users link their project with Webiny Control Panel (WCP), from where they can activate the Advanced Access Control Layer (AACL) for their project. By doing this, users will be able to define fine-grained permissions for individual Webiny apps.

Selecting Custom Access with Advanced Access Control Layer (AACL) Enabled

(click to enlarge)

Finally, for the most advanced use cases, users can upgrade to the Enterprise tier. On top of the features available with the first two tiers, the Enterprise tier introduces Teams and Folder Level Permissions.

More on this in the following section.