Overview
Casbin is a powerful and efficient open-source access control library that supports various access control models for enforcing authorization across the board.
Enforcing a set of rules is as simple as listing subjects, objects and the desired allowed action (or any other format per your needs) in a policy file. This is synonymous across all flows Casbin is used in. The developer/administrator has complete control over the layout, execution and conditions for authorization which is set via the model file. Casbin provides an Enforcer for validating an incoming request based on the policy and model files given to the Enforcer.
What is Casbin?β
Casbin is an authorization library which can be used in flows where we want a certain
object or entity to be accessed by a specific user or subject. The type of access (or action)
can be read, write, delete or any other action as set by the developer.
This method of using Casbin is most widely applied and is referred to as the "standard"
or classic { subject, object, action } flow.
Casbin is capable of handling many complex authorization scenarios other than the standard flow. There can be addition of roles (RBAC), attributes (ABAC) etc.
What Casbin does:β
Enforces the policy in the classic
{ subject, object, action }or customized form as you defined, supporting both allow and deny authorizations.Handles the storage of the access control model and its policy.
Manages the role-user mappings and role-role mappings (also known as role hierarchy in RBAC).
Supports built-in superusers like root or administrator. A superuser can do anything without explicit permission.
Allocates multiple built-in operators to support the rule matching. For example,
keyMatchcan map a resource key/foo/barto the pattern/foo*.
What Casbin does NOT do:β
- Authentication (verify
usernameandpasswordwhen a user logs in) - Manage the list of users or roles.
It is more convenient for the project to manage it's list of users, roles or passwords. Users usually have their passwords and Casbin is not designed as a password container. However, Casbin stores the user-role mapping for the RBAC scenario.
Languages supported by Casbin:β
Casbin provides support for various programming languages, ready to be integrated within any project and workflow:
 |  |  |  |
|---|---|---|---|
| Casbin | jCasbin | node-Casbin | PHP-Casbin |
| production-ready | production-ready | production-ready | production-ready |
 |  |  |  |
|---|---|---|---|
| PyCasbin | Casbin.NET | Casbin-CPP | Casbin-RS |
| production-ready | production-ready | production-ready | production-ready |
Feature set for different languagesβ
We are constantly working to make Casbin have the same features for all languages. However, presently, the following features exist in the respective languages.
| Feature | Go | Java | Node.js | PHP | Python | C# | Delphi | Rust | C++ | Lua | Dart | Elixir |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enforcement | β | β | β | β | β | β | β | β | β | β | β | β |
| RBAC | β | β | β | β | β | β | β | β | β | β | β | β |
| ABAC | β | β | β | β | β | β | β | β | β | β | β | β |
Scaling ABAC (eval()) | β | β | β | β | β | β | β | β | β | β | β | β |
| Adapter | β | β | β | β | β | β | β | β | β | β | β | β |
| Management API | β | β | β | β | β | β | β | β | β | β | β | β |
| RBAC API | β | β | β | β | β | β | β | β | β | β | β | β |
| Batch API | β | β | β | β | β | β | β | β | β | β | β | β |
| Filtered Adapter | β | β | β | β | β | β | β | β | β | β | β | β |
| Watcher | β | β | β | β | β | β | β | β | β | β | β | β |
| Role Manager | β | β | β | β | β | β | β | β | β | β | β | β |
| Multi-Threading | β | β | β | β | β | β | β | β | β | β | β | β |
| 'in' of matcher | β | β | β | β | β | β | β | β | β | β | β | β |
β for Watcher or Role Manager only means having the interface in the core library. It is not indicative of whether there is a watcher or role manager implementation available.