Поддерживаемые модели

ACL (список контроля доступа)
ACL с суперпользователем
ACL without users: This is especially useful for systems that don't have authentication or user logins.
ACL without resources: In some scenarios, the target is a type of resource instead of an individual resource. Permissions like "write-article" and "read-log" can be used. This doesn't control access to a specific article or log.
RBAC (контроль доступа, основанный на ролях)
RBAC with resource roles: Both users and resources can have roles (or groups) at the same time.
RBAC with domains/tenants: Users can have different sets of roles for different domains/tenants.
ABAC (Attribute-Based Access Control): Syntax sugar like "resource.Owner" can be used to get the attribute for a resource.
RESTful: Supports paths like "/res/*", "/res/:id", and HTTP methods like "GET", "POST", "PUT", "DELETE".
Deny-override: Both allow and deny authorizations are supported, where deny overrides allow.
Priority: The policy rules can be prioritized, similar to firewall rules.

Примеры

Модель	Файл модели	Файл политики
ACL	basic_model.conf	basic_policy.csv
ACL с суперпользователем	conf с root_model.conf	basic_policy.csv
ACL без пользователей	basic_without_users_model.conf	basic_without_users_policy.csv
ACL без ресурсов	basic_without_resources_model.conf	basic_without_resources_policy.csv
RBAC	rbac_model.conf	rbac_policy.csv
RBAC с ролями ресурсов	rbac_with_resource_roles_model.conf	rbac_with_resource_roles_policy.csv
RBAC с доменами/арендаторами	rbac_with_domains_model.conf	rbac_with_domains_policy.csv
АДАТ	abac_model.conf	Н/Д
Восстановленный	keymatch_model.conf	keymatch_policy.csv
Запретить переопределение	rbac_with_not_deny_model.conf	rbac_with_deny_policy.csv
Замедлить и запретить	конф rbac_с отрицанием	rbac_with_deny_policy.csv
Приоритет	приоритет_модель.conf	приоритет_policy.csv
Невероятный Приоритет	priority_model_explicit	priority_policy_explic.csv
Предмет - Приоритет	subject_priority_model.conf	subject_priority_policyl.csv