Google Zanzibar

Last updated July 23, 2025

Zanzibar is Google's globally distributed authorization system designed to provide consistent, scalable access control for large-scale applications. First described in a 2019 research paper, Zanzibar handles authorization decisions for many of Google's services including Google Drive, Google Photos, and YouTube.^[1]

Overview

Zanzibar is a centralized authorization database built to handle authorization queries from high-traffic applications and return authorization decisions with low latency. The system is designed to be error-free, fast (targeting sub-10ms response times), highly available, and capable of high throughput to support billions of users across hundreds of client services.

The system stores and evaluates access control lists (ACLs) expressed as relationship tuples, implementing a relationship-based access control (ReBAC) model. Zanzibar's data model consists of namespace configurations and relationship data expressed as triples in the format (subject, relation, object).

Architecture

Zanzibar's architecture includes several key components:

Distributed database: Built on Google's Spanner database to provide strong consistency guarantees and prevent the application of stale permissions to new content.
Multi-layer caching: Includes Leopard (an indexing system for fast authorization checks), server-level caching for read requests, and inter-service call caching to reduce latency.
Global replication: Data is replicated across multiple geographic regions, similar to a content delivery network (CDN), to move authorization data closer to access points.
Namespace configuration: Defines the schema for relationship data and authorization policies for each client service.

Performance and scale

Zanzibar is designed to handle massive scale:

Stores trillions of access control rules
Processes millions of authorization requests per second
Maintains sub-10 milliseconds query response times
Supports services used by billions of people globally

The system achieves this performance through careful optimization including cache prefetching for frequently accessed permissions and hand-tuning of performance hotspots.

Relationship to ReBAC

Zanzibar represents one of the most prominent implementations of relationship-based access control (ReBAC) principles. Unlike traditional role-based access control (RBAC) systems that assign permissions through roles, Zanzibar makes authorization decisions by traversing graphs of relationships between users and resources.

This approach is particularly well-suited for applications with complex data hierarchies and sharing patterns, such as document management systems where access permissions can be inherited through folder structures or organizational hierarchies.

Industry impact

Since the publication of Google's Zanzibar paper, the system has inspired numerous commercial and open-source authorization systems. Companies including Airbnb have developed similar systems (such as Airbnb's Himeji)^[2], and several authorization-as-a-service providers offer Zanzibar-inspired solutions.

The success of Zanzibar has helped establish ReBAC as a viable alternative to traditional authorization models for large-scale applications requiring fine-grained access control.

Limitations

While powerful, Zanzibar-like systems requires significant engineering investment:

Building a Zanzibar-like system typically requires at least a year of dedicated engineering effort, and operating the system requires ongoing support from full-time engineering teams
The system requires centralizing all authorization data, which may necessitate data duplication between the authorization system and application databases^[3]
The flat relationship model may require additional policy engines for complex authorization logic that cannot be easily expressed as relationships

References

↑ Pang, Ruoming; Caceres, Ramon; Burrows, Mike; Chen, Zhifeng; Dave, Pratik; Germer, Nathan; Golynski, Alexander; Graney, Kevin; Kang, Nina; Kissner, Lea; Korn, Jeffrey L. (2019). "Zanzibar: Google's Consistent, Global Authorization System". 2019 USENIX Annual Technical Conference (USENIX ATC '19). Renton, WA.
↑ Yao, Alan. "Himeji: A Scalable Centralized System for Authorization at Airbnb".
↑ Asay, Matt. "Who needs Google technology? Probably not you".

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[:0-1] Pang, Ruoming; Caceres, Ramon; Burrows, Mike; Chen, Zhifeng; Dave, Pratik; Germer, Nathan; Golynski, Alexander; Graney, Kevin; Kang, Nina; Kissner, Lea; Korn, Jeffrey L. (2019). "Zanzibar: Google's Consistent, Global Authorization System". 2019 USENIX Annual Technical Conference (USENIX ATC '19). Renton, WA.

[2] Yao, Alan. "Himeji: A Scalable Centralized System for Authorization at Airbnb".

[3] Asay, Matt. "Who needs Google technology? Probably not you".

[1]

[2]

[3]