Casbin

Casbin

  • Docs
  • API
  • Editor
  • IDE Plugins
  • Single Sign-On (SSO)
  • Forum
  • Help
  • Blog
  • Pricing
  • Contact Sales
  • Languages iconEnglish
    • 中文
    • 한국어
    • Русский
    • Français
    • Deutsch
    • 日本語
    • Help Translate
  • GitHub

›Model

The Basics

  • Overview
  • Get Started
  • How it Works
  • Tutorials

Model

  • Supported Models
  • Syntax for Models
  • Effector
  • Function
  • RBAC
  • RBAC with Pattern
  • RBAC with Domains
  • Casbin RBAC v.s. RBAC96
  • ABAC
  • Priority Model
  • Super Admin

Storage

  • Model Storage
  • Policy Storage
  • Policy Subset Loading

Extensions

  • Enforcers
  • Adapters
  • Watchers
  • Dispatchers
  • Role Managers
  • Middlewares
  • GraphQL Middlewares
  • Cloud Native Middlewares

API

  • API Overview
  • Management API
  • RBAC API
  • RBAC with Domains API
  • RoleManager API
  • Data Permissions

Advanced Usage

  • Multi-threading
  • Benchmarks
  • Performance Optimization
  • Authorization of Kubernetes
  • Authorization of Service Mesh through Envoy

Management

  • Admin Portal
  • Casbin Service
  • Log & Error Handling
  • Frontend Usage

Editor

  • Online Editor
  • IDE Plugins

More

  • Our Adopters
  • Contributing
  • Privacy Policy
  • Terms of Service
Edit

Supported Models

  1. ACL (Access Control List)
  2. ACL with superuser
  3. ACL without users: especially useful for systems that don't have authentication or user log-ins.
  4. ACL without resources: some scenarios may target for a type of resources instead of an individual resource by using permissions like write-article, read-log. It doesn't control the access to a specific article or log.
  5. RBAC (Role-Based Access Control)
  6. RBAC with resource roles: both users and resources can have roles (or groups) at the same time.
  7. RBAC with domains/tenants: users can have different role sets for different domains/tenants.
  8. ABAC (Attribute-Based Access Control): syntax sugar like resource.Owner can be used to get the attribute for a resource.
  9. RESTful: supports paths like /res/*, /res/:id and HTTP methods like GET, POST, PUT, DELETE.
  10. Deny-override: both allow and deny authorizations are supported, deny overrides the allow.
  11. Priority: the policy rules can be prioritized like firewall rules.

Examples

ModelModel filePolicy file
ACLbasic_model.confbasic_policy.csv
ACL with superuserbasic_with_root_model.confbasic_policy.csv
ACL without usersbasic_without_users_model.confbasic_without_users_policy.csv
ACL without resourcesbasic_without_resources_model.confbasic_without_resources_policy.csv
RBACrbac_model.confrbac_policy.csv
RBAC with resource rolesrbac_with_resource_roles_model.confrbac_with_resource_roles_policy.csv
RBAC with domains/tenantsrbac_with_domains_model.confrbac_with_domains_policy.csv
ABACabac_model.confN/A
RESTfulkeymatch_model.confkeymatch_policy.csv
Deny-overriderbac_with_not_deny_model.confrbac_with_deny_policy.csv
Allow-and-denyrbac_with_deny_model.confrbac_with_deny_policy.csv
Prioritypriority_model.confpriority_policy.csv
Explicit Prioritypriority_model_explicitpriority_policy_explicit.csv
Subject-Prioritysubject_priority_model.confsubject_priority_policyl.csv
Last updated on 11/28/2022
← TutorialsSyntax for Models →
  • Examples
Casbin
Docs
Getting StartedManagement APIRBAC APIMiddlewares
Community
Who's using Casbin?Stack Overflow
Casbin          jCasbin
Node-Casbin   PHP-CasbinPyCasbin          Casbin.NETCasbin-CPP        Casbin-RS
Follow @casbinHQ
Copyright © 2022 Casbin Organization