RBAC Access Control Library in Golang

The rbac package provides RBAC (Robe-Based Access Control) in Golang. It is

fast, even used with persisted data store, all reads are done in memory
concurrent safe;
coordinated in real-time among replicas;
exported as very simple interfaces;
designed to use any persisted storage as backend;
limited to minimal external dependencies

This project is still in developing, and is not considered production ready.

How it works

Groupings and Permission

Exported interfaces

`Grouping`: Role assignment

Join(user, role) assign a role to a subject: the subject can exercise a permission assigned to the role
Join(sub, role) assign a higher-level role to a sub-role: roles can be combined in a hierarchy
it also could be used to group objects together: article-category assignment
subject-role, article-category groupings are both optional
when neither of the two is used, RBAC works as ACL(Access Control List)

`Permission`: Permission assignment and authorization

Permit(subject, object, action) assign a permission: a subject or subjects of a role can perform some action to an article or a category of articles
Shall(subject, object, action) authorization: tell if a subject can perform an action to an article

`Action`: Operations could be done to an object

preset actions: read, write, execute
custom actions could be registered through types.ResetActions()

`Persister`s: Persist and coordinate rules among replica set

store grouping and permission rules to a persisted storage to survive application restarts
coordinate multiple replicas of the application works together: changes made by any replica will be send to others, and they will behave same as one

Persisters

The Persister (adapter) does basically two things:

Write (grouping/permission) changes to the storage: Insert/Update/Remove
Watch the storage for changes made by other replicas

Changes made by current replica (and then be watched) will be ignored, implementations need not to care about them. All replicas will keep same rules in memory.

Persister workflow

Available persister implementations

Available persister implementations are listed as follow. PR for other implementations or references to other projects are welcome.

package name	backend	driver	go doc
`github.com/supremind/rbac/persist/mgo`	MongoDB (3.6)	`github.com/globalsign/mgo`
`github.com/supremind/rbac/persist/fake`	-	-	-

# Packages

# README

RBAC Access Control Library in Golang

How it works

Exported interfaces

`Grouping`: Role assignment

`Permission`: Permission assignment and authorization

`Action`: Operations could be done to an object

`Persister`s: Persist and coordinate rules among replica set

Persisters

Available persister implementations

# Packages

# README

RBAC Access Control Library in Golang

How it works

Exported interfaces

Grouping: Role assignment

Permission: Permission assignment and authorization

Action: Operations could be done to an object

Persisters: Persist and coordinate rules among replica set

Persisters

Available persister implementations

`Grouping`: Role assignment

`Permission`: Permission assignment and authorization

`Action`: Operations could be done to an object

`Persister`s: Persist and coordinate rules among replica set