Casbin

Casbin

  • Docs
  • API
  • Editor
  • Help
  • Blog
  • Languages iconEnglish
    • 中文
    • Help Translate
  • GitHub

›The Basics

The Basics

  • Overview
  • Installation
  • Get Started
  • How it Works
  • Tutorials

Model

  • Supported Models
  • Syntax for Models
  • Function
  • RBAC
  • RBAC with Domains
  • ABAC

Storage

  • Model Storage
  • Policy Storage
  • Policy Subset Loading

Extensions

  • Adapters
  • Watchers
  • Role Managers
  • Middlewares

API

  • Management API
  • RBAC API

Advanced Usage

  • Multi-threading
  • Benchmarks

Management

  • Admin Portal
  • Casbin Service
  • Log & Error Handling
  • Online Editor

More

  • Our Adopters
Edit

How it Works

In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

The most basic and simplest model in Casbin is ACL. ACL's model CONF is:

# Request definition
[request_definition]
r = sub, obj, act

# Policy definition
[policy_definition]
p = sub, obj, act

# Policy effect
[policy_effect]
e = some(where (p.eft == allow))

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act

An example policy for ACL model is like:

p, alice, data1, read
p, bob, data2, write

It means:

  • alice can read data1
  • bob can write data2

We also support multi-line mode by appending '\' in the end:

# Matchers
[matchers]
m = r.sub == p.sub && r.obj == p.obj \ 
  && r.act == p.act

Further more, if you are using ABAC, you can try operator in like following in Casbin golang edition (jCasbin and Node-Casbin are not supported yet):

# Matchers
[matchers]
m = r.obj == p.obj && r.act == p.act || r.obj in ('data2', 'data3')

But you SHOULD make sure that the length of the array is MORE than 1, otherwise there will cause it to panic.

For more operators, you may take a look at govaluate

Last updated on 7/13/2019
← Get StartedTutorials →
Casbin
Docs
Getting StartedManagement APIRBAC APIMiddlewares
Community
Who's using Casbin?Mailing ListStack OverflowProject Chat
Casbin      jCasbin
node-Casbin    PHP-CasbinpyCasbin    Casbin.NET
Follow @CasbinNews
Copyright © 2019 Casbin contributors.