Authorization library that supports access control models like ACL, RBAC, ABAC

Casbin is a powerful and efficient open-source access control library. It provides support for enforcing authorization based on various access control models like ACL, RBAC, ABAC for Golang, Java, Node.js, PHP, Python, .NET (C#), Delphi and Rust.

What Casbin does:

  1. Enforce the policy in the classic {subject, object, action} form or a customized form as you defined, both allow and deny authorizations are supported.
  2. Handle the storage of the access control model and its policy.
  3. Manage the role-user mappings and role-role mappings (aka role hierarchy in RBAC).
  4. Support built-in superuser like root or administrator. A superuser can do anything without explict permissions.
  5. Multiple built-in operators to support the rule matching. For example, keyMatch can map a resource key /foo/bar to the pattern /foo*.

What Casbin does NOT do:

  1. Authentication (aka verify username and password when a user logs in)
  2. Manage the list of users or roles. I believe it's more convenient for the project itself to manage these entities. Users usually have their passwords, and Casbin is not designed as a password container. However, Casbin stores the user-role mapping for the RBAC scenario.

For more details, see:

lightbulb_outline View ideas list


  • go
  • javascript
  • react
  • rust
  • python


  • Security
  • security
  • front-end
  • web
  • cloud
  • authorization
comment IRC Channel
email Mailing list
mail_outline Contact email

Casbin 2020 Projects

    The main aim of the project is to implement casbin technology in C++. Hence, it boils down to porting the existing fully functional Golang...
  • Zihui Liu
    Extend Casbin to the Frontend
    Casbin is an authorization library. Its support for diverse programming languages, different access control models and the powerful adapters gains it...
  • Yi sheng Chai
    Impelement the Async SQL Adapter and Actix-web middleware for Casbin-rs
    Implement a fully asynchronous adapter: sqlx-adapter using sqlx. Actix actor and actix-web middleware using RBAC with domain