Overview
Casbin is an efficient, open-source access control library designed to enforce authorization through support for multiple access control models.
Implementing rule-based access control is straightforward: define subjects, objects, and permitted actions in a policy file using any format that suits your requirements. This pattern remains consistent throughout all Casbin implementations. Through the model file, developers and administrators maintain full authority over authorization logic, including layout, execution flow, and conditional requirements. To validate incoming requests against your defined policy and model files, Casbin provides an Enforcer component.
Мови, що підтримуються Casbin
Casbin offers native support across multiple programming languages, enabling seamless integration into diverse projects and workflows:
 |  |  |  |
|---|---|---|---|
| Casbin | jCasbin | node-Casbin | PHP-Casbin |
| Готовий до виробництва | Готовий до виробництва | Готовий до виробництва | Готовий до виробництва |
 |  |  |  |
|---|---|---|---|
| PyCasbin | Casbin.NET | Casbin-CPP | Casbin-RS |
| Готовий до виробництва | Готовий до виробництва | Готовий до виробництва | Готовий до виробництва |
Набір функцій для різних мов
Our goal is feature parity across all language implementations, though we haven't achieved complete uniformity yet.
| Функція | Go | Java | Node.js | PHP | Python | C# | Delphi | Rust | C++ | Lua | Dart | Elixir |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enforcement | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ABAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Scaling ABAC (eval()) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Adapter | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Management API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Batch API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Filtered Adapter | ✅ | ��✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Watcher | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Role Manager | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Multi-Threading | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| 'in' of matcher | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
Note - A checkmark (✅) for Watcher or Role Manager indicates that the interface exists in the core library, not necessarily that an implementation is available.
Що таке Casbin?
Casbin serves as an authorization library for scenarios requiring controlled access to resources. In typical usage, a subject (user or service) requests access to an object (resource or entity) to perform an action (such as read, write, or delete). Developers define these actions according to their application needs. This represents the "standard" or classic { subject, object, action } authorization flow that Casbin handles most commonly.
Beyond this standard model, Casbin accommodates complex authorization scenarios by supporting roles (RBAC), attributes (ABAC), and other advanced patterns.
Що робить Casbin
- Applies policy enforcement in the classic
{ subject, object, action }format or any custom format you define, supporting both allow and deny authorizations. - Manages storage for the access control model and associated policies.
- Handles user-role and role-role relationships (the role hierarchy concept in RBAC).
- Recognizes built-in superusers such as
rootoradministratorwho have unrestricted access without requiring explicit permission rules. - Supplies various built-in operators for pattern matching in rules—for instance,
keyMatchmatches resource key/foo/barto pattern/foo*.
Що Casbin НЕ Робить
- User authentication (validating
usernameandpasswordcredentials during login) - User or role list management
Most applications already manage their own user accounts, roles, and credentials. Casbin wasn't designed as a password storage system—it focuses solely on authorization. That said, Casbin does maintain user-role associations when operating in RBAC mode.