Overview

Casbin is an efficient, open-source access control library designed to enforce authorization through support for multiple access control models.

Implementing rule-based access control is straightforward: define subjects, objects, and permitted actions in a policy file using any format that suits your requirements. This pattern remains consistent throughout all Casbin implementations. Through the model file, developers and administrators maintain full authority over authorization logic, including layout, execution flow, and conditional requirements. To validate incoming requests against your defined policy and model files, Casbin provides an Enforcer component.

Idiomas soportados por Casbin

Casbin offers native support across multiple programming languages, enabling seamless integration into diverse projects and workflows:

Casbin	jCasbin	node-Casbin	PHP-Casbin
Listo para producción	Listo para producción	Listo para producción	Listo para producción

PyCasbin	Casbin.NET	Casbin-CPP	Casbin-RS
Listo para producción	Listo para producción	Listo para producción	Listo para producción

Conjunto de Características para Diferentes Lenguajes

Our goal is feature parity across all language implementations, though we haven't achieved complete uniformity yet.

Característica	Go	Java	Node.js	PHP	Python	C#	Delphi	Rust	C++	Lua	Dart	Elixir
Enforcement	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
RBAC	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
ABAC	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
Scaling ABAC (eval())	✅	✅	✅	✅	✅	✅	❌	✅	✅	✅	✅	✅
Adapter	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
Management API	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
RBAC API	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
Batch API	✅	✅	✅	✅	✅	✅	❌	✅	✅	✅	❌	❌
Filtered Adapter	✅	✅	✅	✅	✅	✅	❌	✅	✅	✅	❌	❌
Watcher	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌	❌
Role Manager	✅	✅	✅	✅	✅	✅	❌	✅	✅	✅	✅	❌
Multi-Threading	✅	✅	✅	❌	✅	❌	❌	✅	❌	❌	❌	❌
'in' of matcher	✅	✅	✅	✅	✅	❌	✅	❌	❌	❌	✅	✅

Note - A checkmark (✅) for Watcher or Role Manager indicates that the interface exists in the core library, not necessarily that an implementation is available.

Casbin es una biblioteca de autorización que se puede utilizar en flujos donde queremos que un cierto objeto o entidad sea accedido por un usuario específico o sujeto.

Casbin serves as an authorization library for scenarios requiring controlled access to resources. In typical usage, a subject (user or service) requests access to an object (resource or entity) to perform an action (such as read, write, or delete). Developers define these actions according to their application needs. This represents the "standard" or classic { subject, object, action } authorization flow that Casbin handles most commonly.

Beyond this standard model, Casbin accommodates complex authorization scenarios by supporting roles (RBAC), attributes (ABAC), and other advanced patterns.

Hacer cumplir la política en la forma clásica { sujeto, objeto, acción } o una forma personalizada como usted definió.

1. Applies policy enforcement in the classic { subject, object, action } format or any custom format you define, supporting both allow and deny authorizations.
2. Manages storage for the access control model and associated policies.
3. Handles user-role and role-role relationships (the role hierarchy concept in RBAC).
4. Recognizes built-in superusers such as root or administrator who have unrestricted access without requiring explicit permission rules.
5. Supplies various built-in operators for pattern matching in rules—for instance, keyMatch matches resource key /foo/bar to pattern /foo*.

Lo que Casbin NO Hace

1. User authentication (validating username and password credentials during login)
2. User or role list management

Most applications already manage their own user accounts, roles, and credentials. Casbin wasn't designed as a password storage system—it focuses solely on authorization. That said, Casbin does maintain user-role associations when operating in RBAC mode.