Zanzibar is a distributed authorization system developed by Google for managing access control at scale. It was first described in a research paper presented at the 2019 USENIX Annual Technical Conference. Zanzibar supports authorization for several Google services, including Google Drive, Google Photos, and YouTube. [1]
Zanzibar functions as a centralized authorization service. It processes access control queries from client applications and stores access control lists (ACLs) expressed as relationship tuples under a relationship-based access control (ReBAC) model. Each tuple represents a subject, a relation, and an object. The system is designed to provide consistency, fault tolerance, and scalability for applications with large user bases. [1]
Zanzibar’s architecture includes several core components: [1]
The system uses techniques such as cache prefetching and selective invalidation of frequently accessed permissions to reduce latency. [1]
Zanzibar employs relationship-based access control (ReBAC), in which authorization decisions depend on relationships between entities rather than predefined roles. In contrast, role-based access control (RBAC) assigns permissions based on the roles assigned to users. In the case of Google Zanzibar, ReBAC enables dynamic access control, which can be used in collaborative environments such as file-sharing and document management systems. [1]
The Zanzibar research paper has influenced the design of other authorization systems based on ReBAC principles. Examples include Airbnb’s internal system Himeji and several open-source projects that adopt similar models. [1]
Implementing a Zanzibar-like system requires substantial engineering and infrastructure resources. Maintaining replication, caching, and schema configurations adds operational complexity. The relationship model may fail to capture policy logic, which can require integration with additional policy or rule-based engines. [1]
