# spicedb


04/19/2023, 2:48 PM
Hello, quick question. I'm considering authzed for a migration of a legacy permissions system -- the legacy permissions system is wonky in a lot of ways but can generally be migrated to a system where you have a list of users, a list of functional rights, and list of resources that then get tied together. It has grant policies and deny policies that are evaluated holistically then aggregated (if no policy exists, no access, if grant policy exists without deny, access is granted, if deny policy exists no access even if there is a grant policy). Unfortunately there is a another third type of policy this is not capable of being evaluated in a vacuum, it needs to look at what other policies exist. I know this is probably not standard behavior in most authorization systems. Does authzed allow for custom policy behaviors to be implimented easily? (I know it's open source, I'm looking for something like a plugin or interface that I can implement to define a new behavior) We're looking at deprecating this new system gradually, and I'm just trying to figure out if I can tell management "we need to deprecate it before we can migrate off" or "we can patch it into our migration target if we can't get our customers to change"