Policy Storage
Casbin implements policy storage through adapters.
Loading policy from a .CSV file
Loading from a CSV file is the standard approach. This method is straightforward for beginners and convenient when seeking help from the Casbin team.
Here's an example CSV file examples/rbac_policy.csv:
p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin
When CSV fields contain commas, wrap them in double quotes:
p, alice, "data1,data2", read --correct
p, alice, data1,data2, read --incorrect (the whole phrase "data1,data2" should be wrapped in double quotes)
When fields contain both commas and double quotes, wrap the field in double quotes and escape embedded quotes by doubling them:
p, alice, data, "r.act in (""get"", ""post"")" --correct
p, alice, data, "r.act in ("get", "post")" --incorrect (you should use "" to escape "")
Related issue: casbin#886
Adapter API
| Method | Type | Description |
|---|---|---|
| LoadPolicy() | basic | Load all policy rules from the storage |
| SavePolicy() | basic | Save all policy rules to the storage |
| AddPolicy() | optional | Add a policy rule to the storage |
| RemovePolicy() | optional | Remove a policy rule from the storage |
| RemoveFilteredPolicy() | optional | Remove policy rules that match the filter from the storage |
Database Storage Format
Your policy file
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, admin
Corresponding database structure (such as MySQL)
| id | ptype | v0 | v1 | v2 | v3 | v4 | v5 |
|---|---|---|---|---|---|---|---|
| 1 | p | data2_admin | data2 | read | |||
| 2 | p | data2_admin | data2 | write | |||
| 3 | g | alice | admin |
Meaning of each column
-
id: Database primary key, not part of the Casbin policy. Generation method depends on the adapter implementation. -
ptype: Corresponds top,g,g2, etc. -
v0-v5: Generic column names that map to policy CSV values from left to right. The number of columns depends on your policy definition. Most adapters implement 6 columns, though theoretically unlimited columns are possible. Submit an issue to the adapter repository if you need more columns.
Adapter Details
For more information about the adapter API and database structure design, see /docs/adapters.