Overview
Casbin is an efficient, open-source access control library designed to enforce authorization through support for multiple access control models.
Implementing rule-based access control is straightforward: define subjects, objects, and permitted actions in a policy file using any format that suits your requirements. This pattern remains consistent throughout all Casbin implementations. Through the model file, developers and administrators maintain full authority over authorization logic, including layout, execution flow, and conditional requirements. To validate incoming requests against your defined policy and model files, Casbin provides an Enforcer component.
Casbin支持的语言
Casbin offers native support across multiple programming languages, enabling seamless integration into diverse projects and workflows:
 |  |  |  |
|---|---|---|---|
| Casbin | jCasbin | node-Casbin | PHP-Casbin |
| 生产就绪 | 生产就绪 | 生产就绪 | 生产就绪 |
 |  |  |  |
|---|---|---|---|
| PyCasbin | Casbin.NET | Casbin-CPP | Casbin-RS |
| 生产就绪 | 生产就绪 | 生产就绪 | 生产就绪 |
不同语言的功能集
Our goal is feature parity across all language implementations, though we haven't achieved complete uniformity yet.
| 特性 | Go | Java | Node.js | PHP | Python | C# | Delphi | Rust | C++ | Lua | Dart | Elixir |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enforcement | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ABAC | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Scaling ABAC (eval()) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Adapter | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Management API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| RBAC API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Batch API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Filtered Adapter | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Watcher | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Role Manager | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Multi-Threading | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| 'in' of matcher | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | �❌ | ✅ | ✅ |
Note - A checkmark (✅) for Watcher or Role Manager indicates that the interface exists in the core library, not necessarily that an implementation is available.
什么是Casbin?
Casbin serves as an authorization library for scenarios requiring controlled access to resources. In typical usage, a subject (user or service) requests access to an object (resource or entity) to perform an action (such as read, write, or delete). Developers define these actions according to their application needs. This represents the "standard" or classic { subject, object, action } authorization flow that Casbin handles most commonly.
Beyond this standard model, Casbin accommodates complex authorization scenarios by supporting roles (RBAC), attributes (ABAC), and other advanced patterns.
Casbin做什么
- Applies policy enforcement in the classic
{ subject, object, action }format or any custom format you define, supporting both allow and deny authorizations. - Manages storage for the access control model and associated policies.
- Handles user-role and role-role relationships (the role hierarchy concept in RBAC).
- Recognizes built-in superusers such as
rootoradministratorwho have unrestricted access without requiring explicit permission rules. - Supplies various built-in operators for pattern matching in rules—for instance,
keyMatchmatches resource key/foo/barto pattern/foo*.
Casbin 不做什么
- User authentication (validating
usernameandpasswordcredentials during login) - User or role list management
Most applications already manage their own user accounts, roles, and credentials. Casbin wasn't designed as a password storage system—it focuses solely on authorization. That said, Casbin does maintain user-role associations when operating in RBAC mode.