💖 Looking for an open-source identity and access management solution like Okta, Auth0, Keycloak ? Learn more about: Casdoor

CasbinAn authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir

Get Started
Golang
Java
C/C++
Node.js
Front-end js
PHP
Laravel
Python
.NET (C#)
Delphi
Rust
Ruby
Swift (Objective-C)
Lua (OpenResty, Kong, APISIX)
Dart (Flutter)
Elixir
Cloud Native (Kubernetes, Istio, Envoy, KubeSphere)

Hybrid access control models

In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration.

Flexible policy storage

Besides memory and file, Casbin policy can be stored into lots of places. Currently, dozens of databases are supported, from MySQL, Postgres, Oracle to MongoDB, Redis, Cassandra, AWS S3. Check the full supported list at: https://v1.casbin.org/docs/en/adapters

Cross-languages & cross-platforms

Casbin is implemented in Golang, Java, PHP and Node.js. All implementations share the same API and behaviors. You can learn Casbin once and use it everywhere.

Policy persistence

In Casbin, the policy storage is implemented as an adapter(aka middleware for Casbin). To keep light-weight, we don't put adapter code in the main library (except the default file adapter). A complete list of Casbin adapters is provided as below. Any 3rd-party contribution on a new adapter is welcomed, please inform us and I will put it in this list:) For details of adapters, please refer to the documentation: https://v1.casbin.org/docs/en/adapters

Policy enforcement at scale

Some adapters support filtered policy management. This means that the policy loaded by Casbin is a subset of the policy in storage based on a given filter. This allows for efficient policy enforcement in large, multi-tenant environments when parsing the entire policy becomes a performance bottleneck.

To use filtered policies with a supported adapter, simply call the LoadFilteredPolicy method. The valid format for the filter parameter depends on the adapter used. To prevent accidental data loss, the SavePolicy method is disabled when a filtered policy is loaded.

For example, the following code snippet uses the built-in filtered file adapter and the RBAC model with domains. In this case, the filter limits the policy to a single domain. Any policy lines for domains other than "domain1" are omitted from the loaded policy:

Role manager

The role manager is used to manage the RBAC role hierarchy (user-role mapping) in Casbin. A role manager can retrieve the role data from Casbin policy rules or external sources such as LDAP, Okta, Auth0, Azure AD, etc. We support different implementations of a role manager. To keep light-weight, we don't put role manager code in the main library (except the default role manager). A complete list of Casbin role managers is provided as: https://v1.casbin.org/docs/en/role-managers

Who's using Casbin?

Hundreds of projects are using Casbin, from established Fortune 500 companies to hot new startups. If you're curious to see what can be accomplished with Casbin, check out these apps!

Intel RMDVMware HarborCasbin Authorization PluginOrange GobisCisco CloudVerizonAlibabaRed HatTencentT-MobileIBMF5Boser/SpaceXElastic360HoneywellHPESchneider ElectricSIEMENSKubeMQOVOMusmaOntario GovernmentJDLTApache Pulsar
More Casbin Users