Comparison
Where Merge’s Permissions Fall Short, and How Paragon Solves the Permissions Challenge
Paragon's permissions strategy was built to handle file storage nuances from integrations like Google Drive, Confluence, and SharePoint. Read about how Paragon's approach compares to Merge's, how they work, and downstream tradeoffs.
Jack Mu
,
Developer Relations
Integrating with file storage providers for RAG and agent context use cases starts off simple. You pull down your users' files from their Google Drive, SharePoint, Notion, etc., and run them through your preprocessing and indexing in your RAG pipeline.
But one step that complicates file storage integrations is file permissions. Unlike CRM data or meeting transcript data, files can have complex permissions where users are parts of teams, files are held in folders, and permissions are propagated at every level.
Both Paragon and Merge have managed solutions for syncing your users' file storage data and handling file permissions - Paragon with Managed Sync and Merge with Unified - but only Paragon’s approach is comprehensive enough to handle all the nuances and edge cases that are non-negotiable for enterprise usage. Whether it’s accuracy, developer experience, and traceability, Paragon’s permissions strategy beats out Merge across the board.
Paragon vs Merge's Permissions Approach
Before going into why Paragon’s approach is superior to Merge’s, let’s discuss the methodology each platform uses. These high-level design decisions have downstream effects on permissions accuracy, handling, and monitoring.
Paragon's Approach: Permissions API with FGA
Paragon's Permissions API is built off Fine Grained Authorization (FGA) to manage permissions. Unlike RBAC, ABAC, and ACLs, Fine Grained Authorization uses relationship-based access control (ReBAC) to propagate and reconcile permissions for modeling hierarchies, subsets, and networks. Relationships could be direct to a file (users have a “can_read” relationship with a file) or indirect (users have a “is_member” relationship with a space, which has a “can_read” to a folder with a “parent” relationship to a file).
Many file storage solutions, like Google Drive, natively use ReBAC for their permissions. In fact, Google's entire authorization system is built off a ReBAC-based system called Zanzibar.
Paragon manages a highly performant and scalable FGA graph for our customers on our infrastructure as part of the file storage sync. Whenever you initialize a sync to start ingesting your users' files, Paragon starts indexing an FGA graph for that user and keeps that graph up-to-date for their lifetime.
From there, you can use Paragon's Permission Graph as the source of truth and check/query via the Permissions API.
Merge's Approach: ACL with their Files Object
Access Control Lists (or ACLs) are a simplistic, brute-force approach to permissions. When Merge syncs your users' files, they will flatten the native file storage permissions into a list with every user and group with access to that file.
These permissions are a field in Merge's File object, which you can store in your databases or query from Merge's API at retrieval-time.
Accuracy Tradeoffs
File storage permissions are complex. They are also filled with edge cases. Offloading that work while guaranteeing accurate access control is what your integration infrastructure should do.
Paragon's ReBAC-based FGA uses the same native approach as the most popular file storage providers. If Google, SharePoint, Box use ReBAC, the most accurate representation of their permissions should also be ReBAC, not ACL.
FGA allows Paragon to handle the same nuances that the file storage provider handles. Some real examples of edge cases we covered:
In Google Drive, files can be shared via links for any user even if they do not have an explicit reader, writer, or owner role. Paragon will pull all of the viewers of a specific file and add permissions to them in your managed FGA.
In SharePoint, deny lists can override permissions from inheriting folder permissions. Paragon adds these relationships to the FGA graph so synced permissions behave the same way as they would in SharePoint.
Merge's ACLs will not cleanly model these edge cases and will require you to pull down permissions from Merge's file objects, folder objects, and group objects to build logic for these edge cases yourself. This manual method is the only way to accurately represent all of the integration-specific edge cases with Merge.
This is logic that your integrations platform should do for you, and why Paragon’s managed FGA approach is superior to Merge’s ACL.
Performance Tradeoffs
Permissions are pervasive across your application, whether you need to check permissions when a user needs to export a file or an agent needs to retrieve data for RAG.
On Paragon's managed FGA approach, the Permissions API is used to check permissions at retrieval time. However, this doesn’t add significant latency at retrieval-time. The Permissions API comes with a /batch-check endpoint to check permissions for multiple files with just one API call. You can further optimize performance by self-hosting Paragon’s highly performant infra (capable of handling 10M+ requests/month) in your VPC to reduce latency between your Paragon-managed FGA and your backend infrastructure.
With Merge, you could either store Merge’s ACL permissions or, similar to Paragon’s Permissions API implementation, query at run-time. If you're planning on storing these permissions on your infrastructure, this introduces the risk of stale permissions and re-indexing your permissions data from Merge to capture changes. In this case, your engineering team is doing a lot of the heavy-lifting, lifting your integration infrastructure platform should be doing for you.
If you're not planning on storing these permissions to enforce retrievals on your infrastructure at retrieval-time, you will have to use Merge's /files endpoint to check file permissions. Except unlike Paragon's managed FGA approach, Merge:
Does not offer a
/batch-checkendpoint to check multiple filesMay require 1+ API calls at retrieval-time to cover edge cases
Auditability Tradeoffs
Integration platforms need to be able to allow you to debug access control. If your users are denied context from a file they should have access to, you should be able to track the lineage of permissions and explain why permissions were enforced on a file asset.
Paragon's FGA approach makes sure access control can always be audited by mapping out the underlying relationships from the file storage integration provider. Using the /expand endpoint, Paragon displays how a user was granted access to a document (role, link, folder, group, etc.). The /expand endpoint has helped us audit exceptions and edge cases like Confluence's deny lists and Google Workspace nested groups.
With Merge, you can neither audit permissions nor have any visibility into how Merge built their ACL list. While the ACL data structure can be simpler for straightforward use cases, Merge's approach does not allow you to debug permission errors, expand how access was granted, and confirm if a permission was correctly given. Your only choice on Merge is to trust their permissions indexing without the ability to audit how access is given through groups, folders, deny lists, or links.
Wrapping Up
Paragon has taken a meticulous approach to file permissions, as permissions is a non-negotiable feature that has to be done right. The Paragon team is confident that the FGA approach is the best approach for accuracy, scalable performance, and auditability. Paragon's managed FGA and Permissions API maintains the complexity of mapping native permissions and keeps permission data up-to-date while providing a simple way to access that data.
To learn more about how Paragon fits with your integration strategy, sign up for a free trial or schedule a call with our integrations team.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 425 552" xmlns="http://www.w3.org/2000/svg"><defs ><linearGradient id="lhM4UE7y4-1807422454-linear-gradient" x1="0.49751243781094523" x2="0.5024875621890548" y1="0" y2="1"><stop offset="0" stop-color="rgba(97, 64, 229, 0.16)"/><stop offset="1" stop-color="rgb(145, 118, 251)"/></linearGradient><linearGradient id="ozqTbFI9H-1807422454-linear-gradient" x1="0.49751243781094523" x2="0.5024875621890548" y1="0" y2="1"><stop offset="0" stop-color="rgba(97, 64, 229, 0.16)"/><stop offset="1" stop-color="rgb(145, 118, 251)"/></linearGradient><linearGradient id="pE26o4gxW-1807422454-linear-gradient" x1="0.49751243781094523" x2="0.5024875621890548" y1="0" y2="1"><stop offset="0" stop-color="rgba(97, 64, 229, 0.16)"/><stop offset="1" stop-color="rgb(145, 118, 251)"/></linearGradient><linearGradient id="HHOgKLOd0-1807422454-linear-gradient" x1="0.49751243781094523" x2="0.5024875621890548" y1="0" y2="1"><stop offset="0" stop-color="rgba(97, 64, 229, 0.16)"/><stop offset="1" stop-color="rgb(145, 118, 251)"/></linearGradient></defs><path d="M 6.434 119.935 C 2.798 117.846 0.98 116.802 0.383 115.445 C -0.138 114.262 -0.127 112.912 0.413 111.738 C 1.033 110.391 2.866 109.376 6.535 107.346 L 186.592 7.74 C 194.253 3.502 198.084 1.383 202.139 0.552 C 205.728 -0.184 209.429 -0.184 213.018 0.552 C 217.073 1.383 220.903 3.502 228.565 7.741 L 408.621 107.346 C 412.29 109.376 414.124 110.391 414.744 111.738 C 415.284 112.912 415.295 114.262 414.774 115.445 C 414.176 116.802 412.358 117.846 408.723 119.935 L 229.174 223.08 C 221.305 227.6 217.37 229.861 213.189 230.746 C 209.489 231.529 205.667 231.529 201.967 230.746 C 197.786 229.861 193.852 227.6 185.982 223.08 Z" fill="url(%23lhM4UE7y4-1807422454-linear-gradient)" height="231.33281694397522px" id="lhM4UE7y4" transform="translate(5 0)" width="415.15720989312115px"/><path d="M 3.528 66.547 C 2.242 65.781 1.598 65.398 1.131 64.869 C 0.717 64.4 0.406 63.851 0.215 63.257 C 0 62.585 0 61.837 0 60.339 L 0 9.188 C 0 5.09 0 3.041 0.86 1.854 C 1.611 0.818 2.765 0.15 4.037 0.016 C 5.495 -0.14 7.272 0.881 10.825 2.922 L 190.662 106.233 C 198.532 110.754 202.466 113.014 206.647 113.899 C 210.347 114.682 214.169 114.682 217.869 113.899 C 222.05 113.014 225.985 110.754 233.854 106.233 L 413.691 2.922 C 417.245 0.881 419.022 -0.14 420.479 0.016 C 421.75 0.15 422.905 0.819 423.655 1.854 C 424.516 3.041 424.516 5.09 424.516 9.188 L 424.516 64.78 C 424.516 66.303 424.516 67.065 424.294 67.746 C 424.098 68.349 423.777 68.904 423.352 69.375 C 422.871 69.907 422.211 70.286 420.89 71.045 L 234.252 178.262 C 226.245 182.862 222.242 185.162 217.992 186.041 C 214.232 186.818 210.35 186.787 206.602 185.95 C 202.367 185.005 198.4 182.642 190.467 177.915 L 3.527 66.547 Z" fill="url(%23ozqTbFI9H-1807422454-linear-gradient)" height="186.6011677519727px" id="ozqTbFI9H" transform="translate(0 153)" width="424.51599999999996px"/><path d="M 3.528 66.546 C 2.242 65.78 1.598 65.396 1.131 64.867 C 0.717 64.399 0.406 63.85 0.215 63.256 C 0 62.584 0 61.835 0 60.338 L 0 9.188 C 0 5.09 0 3.04 0.86 1.854 C 1.611 0.818 2.765 0.15 4.037 0.016 C 5.495 -0.14 7.272 0.881 10.825 2.922 L 190.662 106.232 C 198.532 110.752 202.466 113.013 206.647 113.898 C 210.347 114.681 214.169 114.681 217.869 113.898 C 222.05 113.013 225.985 110.752 233.854 106.232 L 413.691 2.922 C 417.245 0.881 419.022 -0.14 420.479 0.016 C 421.75 0.15 422.905 0.819 423.655 1.854 C 424.516 3.04 424.516 5.09 424.516 9.188 L 424.516 64.778 C 424.516 66.302 424.516 67.063 424.294 67.745 C 424.098 68.347 423.777 68.902 423.352 69.373 C 422.871 69.905 422.211 70.285 420.89 71.044 L 234.252 178.261 C 226.245 182.861 222.242 185.161 217.992 186.039 C 214.232 186.816 210.35 186.785 206.602 185.949 C 202.367 185.003 198.4 182.64 190.467 177.914 L 3.527 66.546 Z" fill="url(%23pE26o4gxW-1807422454-linear-gradient)" height="186.5992791581399px" id="pE26o4gxW" transform="translate(0 261)" width="424.51599999999996px"/><path d="M 3.528 62.172 C 2.242 61.406 1.598 61.023 1.131 60.494 C 0.717 60.026 0.406 59.477 0.215 58.882 C 0 58.21 0 57.462 0 55.965 L 0 9.1 C 0 5.067 0 3.051 0.848 1.87 C 1.588 0.84 2.727 0.168 3.987 0.019 C 5.43 -0.151 7.195 0.825 10.724 2.777 L 191.044 102.529 C 198.785 106.811 202.655 108.952 206.749 109.779 C 210.373 110.511 214.109 110.494 217.726 109.729 C 221.812 108.864 225.663 106.688 233.364 102.335 L 305.348 61.648 C 308.891 59.646 310.662 58.645 312.114 58.807 C 313.38 58.948 314.528 59.618 315.274 60.65 C 316.129 61.834 316.129 63.869 316.129 67.939 L 316.129 121.417 C 316.129 122.925 316.129 123.679 315.911 124.355 C 315.718 124.953 315.403 125.505 314.984 125.974 C 314.512 126.504 313.861 126.886 312.561 127.649 L 234.368 173.545 C 226.323 178.267 222.301 180.628 218.019 181.542 C 214.231 182.351 210.313 182.338 206.53 181.505 C 202.254 180.563 198.247 178.175 190.233 173.401 Z" fill="url(%23HHOgKLOd0-1807422454-linear-gradient)" height="182.13937459493218px" id="HHOgKLOd0" transform="translate(0 369.5)" width="316.1290000000001px"/></svg>)
