With RBAC (role-based access control), you’re either an admin who can edit everything or a viewer who can edit nothing. There’s no “Whitney can edit this document but not that one” without custom application logic.

In this episode of 🌩️ Thunder, Raghd Hamzeh, OpenFGA maintainer at Auth0, explains relationship-based authorization. When Whitney shares a document with Raghd, you tell OpenFGA “Raghd is now an editor of this document.” Later, when Raghd tries to access it, OpenFGA already knows — no database calls, no runtime logic.

We cover how OpenFGA differs from RBAC and attribute-based systems, why sharing becomes trivially easy, how immutable authorization models let you test changes against production data safely, and what auditability looks like when permissions live outside your application code.

Watch now → youtu.be/HCniFFtEm…

Thunder episode thumbnail featuring Whitney Lee and Raghd Hamzeh. Large yellow text reads "OpenFGA" with subtitle "Relationship-Based Authorization at Scale". Whitney appears on the left laughing and pointing upward, wearing a denim jacket. Raghd appears on the right wearing glasses and a yellow shirt. A lightboard with authorization architecture diagrams is visible in the background. The Thunder logo appears in the top left corner.