Overview
Casbin is an efficient, open-source access control library that enforces authorization and supports multiple access control models.
Implementing rule-based access control is straightforward: define subjects, objects, and permitted actions in a policy file in any format that fits your needs. This pattern is consistent across all Casbin implementations. The model file gives developers and administrators full control over authorization logic—layout, execution flow, and conditions. The Enforcer component evaluates incoming requests against your model and policy.
Linguaggi Supportati da Casbin
Casbin provides native support for multiple programming languages so you can integrate it into a wide range of projects and workflows:
 |  |  |  |
|---|---|---|---|
| Casbin | jCasbin | node-Casbin | PHP-Casbin |
| Pronto per la produzione | Pronto per la produzione | Pronto per la produzione | Pronto per la produzione |
 |  |  |  |
|---|---|---|---|
| PyCasbin | Casbin.NET | Casbin-CPP | Casbin-RS |
| Pronto per la produzione | Pronto per la produzione | Pronto per la produzione | Pronto per la produzione |
Feature Set by Language
We aim for feature parity across all language implementations; complete uniformity is not yet achieved.
| Funzionalità | Go | Java | Node.js | PHP | Python | C# | Delphi | Rust | C++ | Lua | Dart | Elixir |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enforcement | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ABAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Scaling ABAC (eval()) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Adapter | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ��✅ | ✅ | ✅ | ❌ |
| Management API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Batch API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Filtered Adapter | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Watcher | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Role Manager | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Multi-Threading | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| 'in' of matcher | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
A checkmark (✅) for Watcher or Role Manager means the interface exists in the core library; it does not guarantee that an implementation is available for that language.
Cos'è Casbin?
Casbin is an authorization library for applications that need controlled access to resources. Typically, a subject (user or service) requests access to an object (resource or entity) to perform an action (e.g. read, write, or delete). You define these actions to match your application. This is the standard { subject, object, action } flow that Casbin handles most often.
Casbin also supports more complex scenarios through roles (RBAC), attributes (ABAC), and other patterns.
Cosa Fa Casbin
- Enforces policy in the classic
{ subject, object, action }format or any custom format you define, including both allow and deny. - Manages storage for the access control model and policies.
- Handles user–role and role–role relationships (RBAC role hierarchy).
- Supports built-in superusers (e.g.
root,administrator) with unrestricted access without explicit rules. - Provides built-in operators for pattern matching (e.g.
keyMatchmatches/foo/baragainst/foo*).
What Casbin Does Not Do
- User authentication — validating usernames and passwords at login.
- User or role list management — maintaining the list of users or roles.
Most applications already manage users, roles, and credentials. Casbin focuses only on authorization and does not store or verify passwords. In RBAC mode, it does maintain user–role associations.