Giters

sagilio / fastac

access control for go, supports RBAC, ABAC and ACL, drop-in replacement for casbin

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

FastAC

access control for go, supports RBAC, ABAC and ACL, drop-in replacement for casbin

Test Coverage Go Report Card Godoc

FastAC is a drop in replacement for Casbin. In some cases, FastAC can improve the performance significantly.

API documentation: https://pkg.go.dev/github.com/abichinger/fastac

Please refer to the Casbin Docs for explanation of terms.

Getting Started

Installation

go get github.com/abichinger/fastac

First you need to prepare an access control model. The syntax of FastAC models is identical to Casbin models.

An ACL (Access Control List) model looks like this:

#File: model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
r.sub == p.sub && r.obj == p.obj && r.act == p.act

Next, you need to load some policy rules. To get started you can load your rules from a text file. For production you should use a storage adapter.

#File: policy.csv
p, alice, data1, read
p, alice, data2, read
p, bob, data1, write
p, bob, data2, write

Go code to resolve access requests

//create an enforcer
e, err := fastac.NewEnforcer("model.conf", "policy.csv")

//check if alice is allowed to read data1
if allow, _ := e.Enforce("alice", "data1", "read"); allow == true {
    // permit alice to read data1
} else {
    // deny the request
}

New Features

Policy Indexing

Matchers will be divided into multiple stages. As a result FastAC will index all policy rules, which reduces the search space for access requests. This feature brings the most performance gain.

Advanced Policy Filtering

FastAC can filter the policy rules with matchers. The Filter function also supports filtering grouping rules. The fields of a grouping rule can be accessed by g.user, g.role, g.domain

//Examples

//get all policy rules belonging to domain1
e.Filter(SetMatcher("p.dom == \"domain1\"")

//get all policy rules, which grant alice read access
e.Filter(SetMatcher("g(\"alice\", p.sub) && p.act == \"read\"")

//get all grouping rules for alice
e.Filter(SetMatcher("g.user == \"alice\"")

Supported Models

  • ACL - Access Control List
  • ACL-su - Access Control List with super user
  • ABAC - Attribute Based Access Control
  • RBAC - Role Based Access Control
  • RBAC-domain - Role Based Access Control with domains/tenants

Adapter List

  • File Adapter (built-in) - not recommended for production
  • Gorm Adapter

Performance Comparison

RBAC Benchmark

ABAC Benchmark

More benchmarks

Feature Overview

  • Enforcement
  • RBAC
  • ABAC
  • Adapter
  • Default Role Manager
  • Third Party Role Managers
  • Filtered Adapter
  • Watcher
  • Dispatcher

Attribution

FastAC uses the following libraries or parts of it.

About

access control for go, supports RBAC, ABAC and ACL, drop-in replacement for casbin

License:Apache License 2.0

Languages

Language:Go 98.5%Language:Makefile 0.8%Language:HTML 0.7%