n8n-nodes-permitio

An n8n community node for integrating with Permit.io authorization service. Permit is a fullstack, plug-and-play application-level authorization solution. This node allows you to check permissions, retrieve user permissions, and get authorized users directly within your n8n workflows.

Features

• Check Permissions: Verify if a user has permission to perform a specific action on a resource
• Get User Permissions: Retrieve all permissions for a specific user across tenants and resources
• Get Authorized Users: Find all users authorized to perform a specific action on a resource type

Installation

Install via n8n UI:

1. In your n8n workflow editor, click the "+" to add a new node
2. Search for "Permit" in the node search box
3. Click on the Permit node in the search results
4. Click "Install node" button in the Node details panel
5. Wait for installation to complete
6. The Permit node will now be available in your workflow

Package name: @permitio/n8n-nodes-permitio

For alternative installation methods, follow the installation guide in the n8n community nodes documentation.

Credentials

To use this node, you need to set up Permit.io API credentials in n8n.

Prerequisites:

• A Permit.io account
• Your Permit.io API key

Setting up credentials:

1. In n8n, go to the Overview tab in the left sidebar
2. Click on the Credentials tab
3. Click "Add first credential" (or "Create credential" if you have existing credentials)
4. Search for "Permit" and select "Permit API"
5. Fill in the required fields:
   • API Key: Your Permit.io API key (found in Permit.io dashboard under Settings → API Keys)
   • PDP URL: https://cloudpdp.api.permit.io (default for cloud PDP)

For ABAC and ReBAC policies:

• Local PDP: If running a self-hosted PDP container, you'll need to expose it publicly (e.g., using ngrok) and use that public URL
• Example: https://abc123.ngrok.io instead of http://localhost:7766
• This provides better performance and supports advanced policy types

Getting your API key:

1. Log into your Permit.io dashboard
2. Go to Settings → API Keys
3. Copy your API key and paste it into the n8n credential configuration

Note: Keep your API key secure and never share it publicly.

Operations

Check

• Check if a user has permission to perform an action on a resource
• Supports RBAC, ABAC, and ReBAC policies with automatic attribute extraction
• Returns boolean permission result with detailed debug information

Configuration:

• User: {{$node['Webhook'].json.body.employee_email}}
• Action: submit
• Resource: expense
• Enable ABAC: ✅ (automatically extracts expense_amount, category, etc.)

Response Sample:

{
	"allow": true,
	"decision": "2024-01-15T10:30:00Z",
	"debug": {
		"reason": "User john.employee can submit expense within $2000 limit"
	}
}

Get User Permissions

• Get all permissions for a specific user
• Filter by resource types
• Optional ABAC support for dynamic permissions

Configuration:

• User: john.employee
• Resource Types: expense,document
• Enable ABAC: ✅

Response Sample:

{
	"permissions": [
		{
			"resource": "expense",
			"action": "submit",
			"allowed": true
		}
	]
}

Get Authorized Users

• Find all users who can perform a specific action on a resource
• Useful for approval workflows and delegation
• Returns list of authorized users with their roles and permissions

Configuration:

• Action: approve
• Resource Type: expense
• Resource Attributes: {"expense_amount": 1500, "category": "Travel"}
• Enable ABAC: ✅

Response Sample:

[
	{
		"resource": "expense:*",
		"tenant": "default",
		"users": {
			"[email protected]": [
				{
					"user": "[email protected]",
					"tenant": "default",
					"resource": "resourceset_all_5fexpenses",
					"role": "userset_finance_5fteam"
				}
			]
		}
	}
]

Basic Usage Example

This example shows how to build an ABAC-powered expense approval workflow using the Permit node.

Scenario: Employees submit expenses for approval. The system automatically determines if they can submit based on their spending limits, then routes to authorized approvers.

Workflow:

1. Webhook receives expense submission (employee_email, expense_amount, category)
2. Check Permission with ABAC enabled - automatically extracts expense attributes
3. IF node branches on approval/denial
4. TRUE path: Get Authorized Users → Send Email to approver
5. FALSE path: Return 403 error response

Result:

• Employee submitting $1500 (within $2000 limit) → Email sent to finance approver
• Employee submitting $2500 (exceeds limit) → Access denied with detailed error

This demonstrates how the Permit node enables complex authorization workflows with minimal configuration.

Compatibility

• Minimum n8n version: 1.0+
• Node.js: 20.15+ required
• Tested with: n8n 1.111.0

Resources

• n8n community nodes documentation
• Permit.io Documentation
• Permit.io API Reference
• Getting Started with Permit.io

Authorization Models:

• ABAC Guide - Building Your First ABAC Policy
• ReBAC Guide - What is ReBAC?
• Create a ReBAC Policy

Infrastructure & Deployment:

• Terraform Provider Guide
• Self-Deployed PDP for ABAC/ReBAC
• Running Local PDP Container

API Methods:

• Permit.check() - Permission Checking
• Get User Permissions API
• Get Authorized Users API

License

MIT

Contributing

Contributions are welcome! Please read our contributing guidelines and submit pull requests to our GitHub repository.

---

Built with ❤️ for the n8n community