【casbin】RBAC實踐
阿新 • • 發佈:2018-12-13
Features What Casbin does: 1.enforce the policy in the classic {subject, object, action} form or a customized form as you defined, both allow and deny authorizations are supported. 2.handle the storage of the access control model and its policy. 3.manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC). support built-in superuser like root or administrator. A superuser can do anything without explict permissions. 4.multiple built-in operators to support the rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*. What Casbin does NOT do: 1.authentication (aka verify username and password when a user logs in) 2.manage the list of users or roles. I believe it's more convenient for the project itself to manage these entities. Users usually have their passwords, and Casbin is not designed as a password container. However, Casbin stores the user-role mapping for the RBAC scenario.