An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

Casbin

Go Report Card Build Status Coverage Status Godoc Release Gitter Sourcegraph

News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/

casbin Logo

Casbin is a powerful and efficient open-source access control library for Golang projects. It provides support for enforcing authorization based on various access control models.

All the languages supported by Casbin:

golang java nodejs php
Casbin jCasbin node-Casbin PHP-Casbin
production-ready production-ready production-ready production-ready
python dotnet c++ rust
PyCasbin Casbin.NET Casbin-CPP Casbin-RS
production-ready production-ready beta-test production-ready

Table of contents

Supported models

  1. ACL (Access Control List)
  2. ACL with superuser
  3. ACL without users: especially useful for systems that don't have authentication or user log-ins.
  4. ACL without resources: some scenarios may target for a type of resources instead of an individual resource by using permissions like write-article, read-log. It doesn't control the access to a specific article or log.
  5. RBAC (Role-Based Access Control)
  6. RBAC with resource roles: both users and resources can have roles (or groups) at the same time.
  7. RBAC with domains/tenants: users can have different role sets for different domains/tenants.
  8. ABAC (Attribute-Based Access Control): syntax sugar like resource.Owner can be used to get the attribute for a resource.
  9. RESTful: supports paths like /res/*, /res/:id and HTTP methods like GET, POST, PUT, DELETE.
  10. Deny-override: both allow and deny authorizations are supported, deny overrides the allow.
  11. Priority: the policy rules can be prioritized like firewall rules.

How it works?

In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

The most basic and simplest model in Casbin is ACL. ACL's model CONF is:

# Request definition
[request_definition]
r = sub, obj, act

# Policy definition
[policy_definition]
p = sub, obj, act

# Policy effect
[policy_effect]
e = some(where (p.eft == allow))

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

An example policy for ACL model is like:

p, alice, data1, read
p, bob, data2, write

It means:

  • alice can read data1
  • bob can write data2

We also support multi-line mode by appending '\' in the end:

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj \
  && r.act == p.act

Further more, if you are using ABAC, you can try operator in like following in Casbin golang edition (jCasbin and Node-Casbin are not supported yet):

# Matchers
[matchers]
m = r.obj == p.obj && r.act == p.act || r.obj in ('data2', 'data3')

But you SHOULD make sure that the length of the array is MORE than 1, otherwise there will cause it to panic.

For more operators, you may take a look at govaluate

Features

What Casbin does:

  1. enforce the policy in the classic {subject, object, action} form or a customized form as you defined, both allow and deny authorizations are supported.
  2. handle the storage of the access control model and its policy.
  3. manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
  4. support built-in superuser like root or administrator. A superuser can do anything without explict permissions.
  5. multiple built-in operators to support the rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.

What Casbin does NOT do:

  1. authentication (aka verify username and password when a user logs in)
  2. manage the list of users or roles. I believe it's more convenient for the project itself to manage these entities. Users usually have their passwords, and Casbin is not designed as a password container. However, Casbin stores the user-role mapping for the RBAC scenario.

Installation

go get github.com/casbin/casbin/v2

Documentation

https://casbin.org/docs/en/overview

Online editor

You can also use the online editor (https://casbin.org/editor/) to write your Casbin model and policy in your web browser. It provides functionality such as syntax highlighting and code completion, just like an IDE for a programming language.

Tutorials

https://casbin.org/docs/en/tutorials

Get started

  1. New a Casbin enforcer with a model file and a policy file:

    e, _ := casbin.NewEnforcer("path/to/model.conf", "path/to/policy.csv")

Note: you can also initialize an enforcer with policy in DB instead of file, see Policy-persistence section for details.

  1. Add an enforcement hook into your code right before the access happens:

    sub := "alice" // the user that wants to access a resource.
    obj := "data1" // the resource that is going to be accessed.
    act := "read" // the operation that the user performs on the resource.
    
    if res := e.Enforce(sub, obj, act); res {
        // permit alice to read data1
    } else {
        // deny the request, show an error
    }
  2. Besides the static policy file, Casbin also provides API for permission management at run-time. For example, You can get all the roles assigned to a user as below:

    roles, _ := e.GetImplicitRolesForUser(sub)

See Policy management APIs for more usage.

Policy management

Casbin provides two sets of APIs to manage permissions:

  • Management API: the primitive API that provides full support for Casbin policy management.
  • RBAC API: a more friendly API for RBAC. This API is a subset of Management API. The RBAC users could use this API to simplify the code.

We also provide a web-based UI for model management and policy management:

model editor

policy editor

Policy persistence

https://casbin.org/docs/en/adapters

Policy consistence between multiple nodes

https://casbin.org/docs/en/watchers

Role manager

https://casbin.org/docs/en/role-managers

Benchmarks

https://casbin.org/docs/en/benchmark

Examples

Model Model file Policy file
ACL basic_model.conf basic_policy.csv
ACL with superuser basic_model_with_root.conf basic_policy.csv
ACL without users basic_model_without_users.conf basic_policy_without_users.csv
ACL without resources basic_model_without_resources.conf basic_policy_without_resources.csv
RBAC rbac_model.conf rbac_policy.csv
RBAC with resource roles rbac_model_with_resource_roles.conf rbac_policy_with_resource_roles.csv
RBAC with domains/tenants rbac_model_with_domains.conf rbac_policy_with_domains.csv
ABAC abac_model.conf N/A
RESTful keymatch_model.conf keymatch_policy.csv
Deny-override rbac_model_with_deny.conf rbac_policy_with_deny.csv
Priority priority_model.conf priority_policy.csv

Middlewares

Authz middlewares for web frameworks: https://casbin.org/docs/en/middlewares

Our adopters

https://casbin.org/docs/en/adopters

How to Contribute

Please read the contributing guide.

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

License

This project is licensed under the Apache 2.0 license.

Contact

If you have any issues or feature requests, please contact us. PR is welcomed.

Owner
Casbin
Casbin authorization library and the official middlewares
Casbin
Comments
  • When should i call BuildRoleLinks function

    When should i call BuildRoleLinks function

    My App has about 1 millions policies, 800k P policy and 200K G policy. Whenever I add new P policy and assign it to one role, should I call BuildRoleLinks function?

  • Added multiple add and remove policies API functions.

    Added multiple add and remove policies API functions.

    Usage of the following functions is as follows :

    rule1 := []interface{} {"jack", "data4", "read"}
    rule2 := []interface{} {"katy", "data4", "write"}
    rule3 := []interface{} {"leyo", "data4", "read"}
    rule4 := []interface{} {"ham", "data4", "write"}
    
    e.AddPolicies(rule1, rule2, rule3, rule4)
    
    e.RemovePolicies(rule1, rule2, rule3, rule4)
    
    

    Have also added tests for these functions, all the tests pass. Please let me know if any changes required, this is open to changes if required any.

  • fix: reimplement default role manager

    fix: reimplement default role manager

    @techoner, I re-implemented the default role manager as requested https://github.com/casbin/pycasbin/pull/232#issuecomment-995623085

    The implementation is almost identical to pycasbin:role_manager.py

    Changes:

    • split RoleManager into DomainManager and RoleManager
    • remove RoleManager.BuildRelationship

    Bugfixes:

    • avoid mixing RBAC systems in Enforcer.GetImplicitRolesForUser and Enforcer.GetImplicitUsersForRole

    This is my first contribution using golang, so please review carefully :)

  • [QUESTION] what's the difference of `Enforcer` and `SyncedEnforcer` if by default we have locks in every struct with map?

    [QUESTION] what's the difference of `Enforcer` and `SyncedEnforcer` if by default we have locks in every struct with map?

    I'm confused while seeing Lock in every struct with `map. I'm wondering if it's correct and ncessary?

    It's not necessary for Enforcer because normal Enforcer is not thread-safe.

    For syncedEnforcer we can have multiple goroutines reading/writing, we already have a top-level mutex, why do we still need other mutex/lock?

    Any idea?

  • suggestion: add YAML support for model

    suggestion: add YAML support for model

    YAML is a human friendly data serialization standard for all programming languages.

    It can help users to write and verify the model .

    How to help users to write and verify the model?

    We need to write the YAML schema then IDE can provides hints based upon YAML schema provided to helps user write schema efficiently.

    Please refer to https://dzone.com/articles/two-ways-configuration-documentation-with-springnb to write YAML schema then publish to https://github.com/SchemaStore/schemastore.

  • Scaling ABAC Rules

    Scaling ABAC Rules

    I am looking to support ABAC for a CMS-type system, where there could be thousands to potentially even more ABAC rules. Writing one long matcher isn't feasible in this case, nor is having multiple enforcers. Is there any other workaround this?

    An ABAC policy for us is something like If user age is between 24 and 64, then they can "view" some "resource". Any thoughts?

    Also, if this isn't supported, yet, what's the roadmap for something like this?

  • How to synchronize multiple Casbin enforcer instances running with a single pg Gorm adapter?

    How to synchronize multiple Casbin enforcer instances running with a single pg Gorm adapter?

    I'm using Casbin library with pg Gorm adapter in one of my services. I wonder how I can keep Casbin enforcers synched if I'm running multiple instances of that services? Since Casbin policies are loaded once at startup and stored in memory, if one of the instances updates policies later, other enforcers wouldn't be notified. I looked at Casbin server but not sure if that would be helpful in this case, if so how I can achieve the synchronization by using Casbin server? or what are the other options?

  • fix: prevent concurrent map writes in LoadPolicyLine function

    fix: prevent concurrent map writes in LoadPolicyLine function

    I managed to create an environment in which the LoadPolicyLine function regularly causes concurrent map writes panics. Added a global sync.Mutex object that is used exclusively within the LoadPolicyLine function. Have not encountered any locks or concurrent map writes since this addition.

    fatal error: concurrent map writes
    
    goroutine 2247 [running]:
    runtime.throw(0xdd5620, 0x15)
            /usr/local/go/src/runtime/panic.go:1116 +0x72 fp=0xc000175278 sp=0xc000175248 pc=0x43d8d2
    runtime.mapassign_faststr(0xcfd340, 0xc0001db200, 0xc0004d7fa0, 0x19, 0xc0002d1818)
            /usr/local/go/src/runtime/map_faststr.go:291 +0x3d8 fp=0xc0001752e0 sp=0xc000175278 pc=0x41be78
    github.com/casbin/casbin/v2/persist.LoadPolicyLine(0xc0004d7f20, 0x1e, 0xc0002a9ce0)
            /home/example/go/pkg/mod/github.com/casbin/casbin/[email protected]/persist/adapter.go:43 +0x547 fp=0xc000175470 sp=0xc0001752e0 pc=0x9fbcc7
    
  • I want to combine RBAC and ABAC. I read a lot of documentation and I have a few questions.

    I want to combine RBAC and ABAC. I read a lot of documentation and I have a few questions.

    Hello everyone. I wanna choose casbin for manage authorization. I read a lot of documentation and I have a few questions.

    I want to combine RBAC and ABAC. With RBAC I want to control the general access to the API. With ABAC, I want to control access to certain entities (records in database). For example, I have the entity of orders and the entity of the company. Should I create three enforcers? The first one will be with the RBAC model. The second with the ABAC model to control the entity of orders. The third with the ABAC model to control the entity of companies. Right? (each entity has its own set of fields).

    The procedure will be as follows (request to API):

    Run the RBAC enforcer to determine if the user has access to the entity. Run the ABAC enforcer for a specific entity (orders or companies). In the case of ABAC, should I first select an entity from the database and pass it to the enforcer? What if the user requests a list of orders (pagination = 1000)? How to handle this? For example, I can’t pass 1000 entities to an enforcer (my idea is that there should be a common API point, which, depending on the rule, gives only those records that satisfy the condition of the model matcher)? P.S. Sorry for my english. Thanks.

  • How to solve the huge data when I use persistent Database?

    How to solve the huge data when I use persistent Database?

    Hi hsluoyz,

    I use casbin gorm_adapter to store policies and roles in database, when I run the program, all policies will be load into memory. But if there are millions policies, I can not do this. How to solve the huge policy data? Can I check only one policy from database?

    Cheers Gordon

  • [Question] Policy Group

    [Question] Policy Group

    Want to prioritize this issue? Try:

    issuehunt-to-marktext


    What's your scenario? What do you want to achieve? Is there a config or a way to use multi-policy like methods?

    Your model:

    [request_definition]
    r = sub, obj, act
    
    [policy_definition]
    p = sub, obj, act, eft
    
    [role_definition]
    g = _, _
    
    [policy_effect]
    e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
    
    [matchers]
    m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)
    

    Your policy:

    p, alice1, /alice_data, (GET)|(POST), allow
    p, alice2, /alice_data/:id, (GET)|(PUT)|(DELETE), allow
    p, bob1, /bob_data, (GET)|(POST), allow
    p, bob2, /bob_data/:id, (GET)|(PUT)|(DELETE), allow
    
    g, alice, (alice1)|(alice2)
    g, other, bob1
    

    Your request(s):

    alice, /alice_data, GET ---> false (expected: true)
    other, /bob_data, POST ---> true (ok)
    
  • Does using Casbin.NET support defining multiple M's in matchers? For example, m1 m2

    Does using Casbin.NET support defining multiple M's in matchers? For example, m1 m2

    When I configure the following figure in the conf file: image Error will be displayed: can not find the assertion at the section m and policy type m. 。 I don't know if. net temporarily doesn't support defining multiple M's in matchers, or if my writing is wrong. image

  • [Question] - domain inheritance with pattern matching

    [Question] - domain inheritance with pattern matching

    I want to have a RBAC model where there are multiple domains and subdomains. The roles across all domains can be the same with access to the same resources, but they should only be allowed access within a specific subdomain/domain

    Your model:

    r = sub, dom, obj, act
    
    [policy_definition]
    p = sub, dom, obj, act
    
    [role_definition]
    g = _, _, _
    g2 = _, _
    
    [policy_effect]
    e = some(where (p.eft == allow))
    
    [matchers]
    m = (g(r.sub, p.sub, r.dom) || g2(r.dom, p.dom)) && \
    r.obj == p.obj && \
    r.act == p.act
    

    Your policy:

    p, user, *, data, read
    p, user, *, data, write
    p, admin, *, data, read
    p, admin, *, data, write
    
    g, alice, user, subdomain1
    g, bob, admin, domain1
    
    g2, subdomain1, domain1
    g2, subdomain2, domain1
    
    

    Your request(s):

    alice, subdomain1, data, read --> true (expected true)
    bob, domain1, data, read --> true (expected true)
    bob, subdomain1, data, read --> false( expected true)
    bob, subdomain2, data, read --> false (expected true
    

    In this case, bob is an admin of domain1, and subdomain1 and subdomain2 are part of domain1, which he should automatically inherit access to. How can I get the || g2(r.dom, p.dom) part of to use keyMatch. It is changing subdomain1 in the request to domain1, but then matching domain1 and *, which only match through keyMatch

  • [Question] - Need some suggestion on role manager implementation.

    [Question] - Need some suggestion on role manager implementation.

    I've been trying to resolve the domain hierarchy and I eventually got stuck on your PR https://github.com/casbin/casbin/pull/1040 on casbin which is still not merged.

    On latest casbin changes, some test cases failed. I couldn't solve the issue. If anyone could help me fix the issue.

    Here in the tests, first 5 tests are failing in https://gist.github.com/sujit-baniya/95afc4219a7f0d0de0e7781d8f9fce19#file-rbac_domain_test-go

    Please suggest any solution.

  • [Question] concurrent race when LoadPolicy is called

    [Question] concurrent race when LoadPolicy is called

    Want to prioritize this issue? Try:

    issuehunt-to-marktext


    What's your scenario? What do you want to achieve?

    Sometimes when a watcher calls LoadPolicy to synchronize policies, panic occurs:

    fatal error: concurrent map iteration and map write goroutine 152 [running]: runtime.throw({0x2557e5c?, 0x3711778?}) /usr/local/Cellar/go/1.18.3/libexec/src/runtime/panic.go:992 +0x71 fp=0xc000c9b818 sp=0xc000c9b7e8 pc=0x103e7d1 runtime.mapiternext(0xc000307dd0?) /usr/local/Cellar/go/1.18.3/libexec/src/runtime/map.go:871 +0x60a fp=0xc000c9b8a8 sp=0xc000c9b818 pc=0x1012eea runtime.mapiterinit(0x234dae0?, 0xc00064d110, 0xc000c9ba78) /usr/local/Cellar/go/1.18.3/libexec/src/runtime/map.go:861 +0x18c fp=0xc000c9b8c8 sp=0xc000c9b8a8 pc=0x101288c github.com/casbin/casbin/v2/model.(*Assertion).copy(0xc0008fe880) /Users/sasakiyori/go/pkg/mod/github.com/casbin/casbin/[email protected]/model/assertion.go:108 +0x2cf fp=0xc000c9bae8 sp=0xc000c9b8c8 pc=0x199c00f github.com/casbin/casbin/v2/model.Model.Copy(0xc0006dd800) /Users/sasakiyori/go/pkg/mod/github.com/casbin/casbin/[email protected]/model/model.go:384 +0x1b0 fp=0xc000c9bc58 sp=0xc000c9bae8 pc=0x19a0cd0 github.com/casbin/casbin/v2.(*Enforcer).LoadPolicy(0xc000684000) /Users/sasakiyori/go/pkg/mod/github.com/casbin/casbin/[email protected]/enforcer.go:291 +0x5a fp=0xc000c9bdc8 sp=0xc000c9bc58 pc=0x19b76ba github.com/casbin/casbin/v2.(*Enforcer).SetWatcher.func1({0x1c29, 0xa}) /Users/sasakiyori/go/pkg/mod/github.com/casbin/casbin/[email protected]/enforcer.go:260 +0x25 fp=0xc000c9bde8 sp=0xc000c9bdc8 pc=0x19b7645 github.com/casbin/etcd-watcher/v2.(*Watcher).startWatch(0xc000349c00) /Users/sasakiyori/go/pkg/mod/github.com/casbin/etcd-watcher/[email protected]/watcher.go:127 +0x268 fp=0xc000c9bfc0 sp=0xc000c9bde8 pc=0x2289c28 github.com/casbin/etcd-watcher/v2.NewWatcher.func1() /Users/sasakiyori/go/pkg/mod/github.com/casbin/etcd-watcher/[email protected]/watcher.go:67 +0x25 fp=0xc000c9bfe0 sp=0xc000c9bfc0 pc=0x22892e5 runtime.goexit() /usr/local/Cellar/go/1.18.3/libexec/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc000c9bfe8 sp=0xc000c9bfe0 pc=0x1072e01 created by github.com/casbin/etcd-watcher/v2.NewWatcher /Users/sasakiyori/go/pkg/mod/github.com/casbin/etcd-watcher/[email protected]/watcher.go:66 +0x2a8


    I can't reproduce it every time, but I think the problem may arised here:

    As the call chain shown below, when a goroutine do iteration in ast.PolicyMap from ast.copy(), any other goroutines write into this map(such as AddPolicy) may cause panic.

    func (e *Enforcer) LoadPolicy() error {
    	needToRebuild := false
            // panic occurs
    	newModel := e.model.Copy()
    	newModel.ClearPolicy()
            // ...
    }
    
    func (model Model) Copy() Model {
    	newModel := NewModel()
    
    	for sec, m := range model {
    		newAstMap := make(AssertionMap)
                     // ast is a pointer of AssertionMap
    		for ptype, ast := range m {
    			newAstMap[ptype] = ast.copy()
    		}
    		newModel[sec] = newAstMap
    	}
    
    	newModel.SetLogger(model.GetLogger())
    	return newModel
    }
    
    func (ast *Assertion) copy() *Assertion {
    	tokens := append([]string(nil), ast.Tokens...)
    	policy := make([][]string, len(ast.Policy))
    
    	for i, p := range ast.Policy {
    		policy[i] = append(policy[i], p...)
    	}
    	policyMap := make(map[string]int)
            // map is unsafe between goroutines
            // when it is iterating, other goroutine's write operation may cause panic
    	for k, v := range ast.PolicyMap {
    		policyMap[k] = v
    	}
    
    	newAst := &Assertion{
    		Key:           ast.Key,
    		Value:         ast.Value,
    		PolicyMap:     policyMap,
    		Tokens:        tokens,
    		Policy:        policy,
    		FieldIndexMap: ast.FieldIndexMap,
    	}
    
    	return newAst
    }
    

    And What confused me is: After copy a new model, it will clear policy map, so the copy of PolicyMap from ast.copy() is useless. Could you create a new copy function to eliminate these unsafe operations?

    func (e *Enforcer) LoadPolicy() error {
    	needToRebuild := false
    	newModel := e.model.Copy()
    	newModel.ClearPolicy()
            // ...
    }
    
    func (model Model) ClearPolicy() {
    	for _, ast := range model["p"] {
    		ast.Policy = nil
    		ast.PolicyMap = map[string]int{}
    	}
    
    	for _, ast := range model["g"] {
    		ast.Policy = nil
    		ast.PolicyMap = map[string]int{}
    	}
    }
    
  • [Question] Is there any better design?

    [Question] Is there any better design?

    Want to prioritize this issue? Try:

    issuehunt-to-marktext


    What's your scenario? What do you want to achieve? hello, first of all, thanks for your excellent work on this project. I am nearly a beginner and have search and read issues about my qustion, but I still have some questions.

    Let me describe my scenery:

    1. I need a global admin role, and any one belongs to it have almost all actions on all resources.
    2. each resource have its owners and operators.

    I searched the issue and docs, but do not find a good way to achieve this, so I start to design it. Thanks for the ability of casbin which can combine RBAC with ABAC, I design the model and policy below.

    Your model:

    [request_definition]
    r = sub, act
    r2 = sub, obj, act
    
    [policy_definition]
    p = sub, act, eft
    p2 = sub, sub_rule, obj, act, eft
    
    [role_definition]
    g = _, _
    
    [policy_effect]
    e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
    e2 = some(where (p.eft == allow)) && !some(where (p.eft == deny))
    
    [matchers]
    m = g(r.sub, p.sub) && regexMatch(r.act, p.act)
    m2 = (p2.obj == "*" || r2.obj.ID == p2.obj) && (p2.sub == "*" || r2.sub == p2.sub) && regexMatch(r2.act, p2.act) && (p2.sub_rule == "" || eval(p2.sub_rule))
    

    Your policy:

    p, admin, .*, allow
    g, Rainshaw, admin
    
    p2, *, r2.sub in r2.obj.Owners, *, .*, allow
    p2, *, (r2.sub in r2.obj.Operators) && r2.act != "delete", *, .*, allow
    

    Your request(s):

    # EnforceContext("1")
    Rainshaw, create ---> true (expected: true)
    Rainshaw, delete ---> true (expected: true)
    
    # EnforceContext("2")
    alice, {Owners: ["alice"], Operators: ["bob"]}, create ---> true (expected: true)
    bob, {Owners: ["alice"], Operators: ["bob"]}, create ---> true (expected: true)
    alice, {Owners: ["alice"], Operators: ["bob"]}, delete ---> true (expected: true)
    bob, {Owners: ["alice"], Operators: ["bob"]}, delete ---> false (expected: false)
    

    And, I store the Owners and Operators in database, and read it when build EnforceRequest. so, my question is whether there is better way to achieve it. And if there is not any better way, should we put this solution in docs or somewhere else, as for this scenery is really common.

  • feat: allow missing/existing policies in batch manipulation

    feat: allow missing/existing policies in batch manipulation

    fix https://github.com/casbin/casbin-core/issues/9 fix https://github.com/casbin/casbin-pg-adapter/issues/42#issuecomment-1207359836

    What's more, it makes sure all functions in policy.go have the same behavior regarding to duplication.

ACL, RBAC, ABAC authorization middleware for KubeSphere

casbin-kubesphere-auth Casbin-kubesphere-auth is a plugin which apply several security authentication check on kubesphere via casbin. This plugin supp

Jun 9, 2022
goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.

goRBAC goRBAC provides a lightweight role-based access control implementation in Golang. For the purposes of this package: * an identity has one or mo

Dec 29, 2022
Role Based Access Control (RBAC) with database persistence

Authority Role Based Access Control (RBAC) Go package with database persistence Install First get authority go get github.com/harranali/authority Next

Dec 8, 2022
Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Aug 5, 2022
BK-IAM is a centralized permission management service provided by The Tencent BlueKing; based on ABAC

(English Documents Available) Overview 蓝鲸权限中心(BK-IAM)是蓝鲸智云提供的集中权限管理服务,支持基于蓝鲸开发框架的SaaS和企业第三方系统的权限控制接入,以及支持细粒度的权限管理。 架构设计 代码目录 Features 蓝鲸权限中心是基于 ABAC 强

Nov 16, 2022
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URL and Role.
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URL and Role.

Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URL and Role. URLs and Roles are managed as YAML-based

Dec 20, 2022
Backend Development Rest Api Project for book management system. Used Features like redis, jwt token,validation and authorization.

Golang-restapi-project Simple Rest Api Project with Authentication, Autherization,Validation and Connection with redis File Structure ├── cache │ ├──

May 25, 2022
Open source RBAC library. Associate users with roles and permissions.
Open source RBAC library. Associate users with roles and permissions.

ℹ️ This package is completely open source and works independently from Permify. Associate users with roles and permissions This package allows you to

Jan 2, 2023
Minimalistic RBAC package for Go applications

RBAC Overview RBAC is a package that makes it easy to implement Role Based Access Control (RBAC) models in Go applications. Download To download this

Oct 25, 2022
Go + Vue开发的管理系统脚手架, 前后端分离, 仅包含项目开发的必需部分, 基于角色的访问控制(RBAC), 分包合理, 精简易于扩展。 后端Go包含了gin、 gorm、 jwt和casbin等的使用, 前端Vue基于vue-element-admin开发
Go + Vue开发的管理系统脚手架, 前后端分离, 仅包含项目开发的必需部分, 基于角色的访问控制(RBAC), 分包合理, 精简易于扩展。 后端Go包含了gin、 gorm、 jwt和casbin等的使用, 前端Vue基于vue-element-admin开发

go-web-mini Go + Vue开发的管理系统脚手架, 前后端分离, 仅包含项目开发的必需部分, 基于角色的访问控制(RBAC), 分包合理, 精简易于扩展。 后端Go包含了gin、 gorm、 jwt和casbin等的使用, 前端Vue基于vue-element-admin开发: http

Dec 25, 2022
YSHOP-GO基于当前流行技术组合的前后端RBAC管理系统:Go1.15.x+Beego2.x+Jwt+Redis+Mysql8+Vue 的前后端分离系统,权限控制采用 RBAC,支持数据字典与数据权限管理,支持动态路由等

YSHOP-GO 后台管理系统 项目简介 YSHOP-GO基于当前流行技术组合的前后端RBAC管理系统:Go1.15.x+Beego2.x+Jwt+Redis+Mysql8+Vue 的前后端分离系统,权限控制采用 RBAC,支持数据字典与数据权限管理,支持动态路由等 体验地址: https://go

Dec 30, 2022
RBAC scaffolding based on Gin + Gorm+ Casbin + Wire
RBAC scaffolding based on Gin + Gorm+ Casbin + Wire

Gin Admin 基于 GIN + GORM + CASBIN + WIRE 实现的RBAC权限管理脚手架,目的是提供一套轻量的中后台开发框架,方便、快速的完成业务需求的开发。 特性 遵循 RESTful API 设计规范 & 基于接口的编程规范 基于 GIN 框架,提供了丰富的中间件支持(JWT

Dec 28, 2022
基于 Echo + Gorm + Casbin + Uber-FX 实现的 RBAC 权限管理脚手架,致力于提供一套尽可能轻量且优雅的中后台解决方案。
基于 Echo + Gorm + Casbin + Uber-FX 实现的 RBAC 权限管理脚手架,致力于提供一套尽可能轻量且优雅的中后台解决方案。

Echo-Admin 基于 Echo + Gorm + Casbin + Uber-FX 实现的 RBAC 权限管理脚手架,致力于提供一套尽可能轻量且优雅的中后台解决方案。 English | 简体中文 特性 遵循 RESTful API 设计规范 基于 Echo API 框架,提供了丰富的中间件支

Dec 14, 2022
Generate K8s RBAC policies based on e2e test runs

rbac-audit Have you ever wondered whether your controller actually needs all the permissions it has granted to it? Wonder no more! This repo contains

Aug 2, 2021
Incomplete CRUD/RBAC service meant to be a practice for Go

Incomplete CRUD / RBAC Service in Go The repository name means nothing. But your task is to complete this repository on your own to be a functional CR

Nov 9, 2021
A practical RBAC implementation

RBAC This project contains a practical RBAC implementation by Golang. It's actually a demo now. With in-memory storage, no database or file storage ye

Dec 1, 2021
⛩️ Go library for protecting HTTP handlers with authorization bearer token.

G8, pronounced Gate, is a simple Go library for protecting HTTP handlers with tokens. Tired of constantly re-implementing a security layer for each

Nov 14, 2022
Go library providing in-memory implementation of an OAuth2 Authorization Server / OpenID Provider

dispans Go library providing in-memory implementation of an OAuth2 Authorization Server / OpenID Provider. The name comes from the Swedish word dispen

Dec 22, 2021
A library for Go client applications that need to perform OAuth authorization against a server
A library for Go client applications that need to perform OAuth authorization against a server

oauth-0.8.0.zip oauth A library for Go client applications that need to perform OAuth authorization against a server, typically GitHub.com. Traditiona

Oct 13, 2021