
Casbin RBAC Implementation Documentation

Introduction to Casbin

Casbin is a powerful and flexible access control library for authorization enforcement. It provides support for various access control models, including Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and more. In this documentation, we focus on implementing RBAC using Casbin in a Go application.

Understanding RBAC (Role-Based Access Control)

RBAC is a widely used access control model where access rights are assigned based on roles. In this model, users are assigned roles, and permissions are associated with these roles. Users inherit permissions from the roles they are assigned. This simplifies access management by centralizing permissions and role assignments.

RBAC Model Configuration File (rbac_model.conf)

The RBAC model configuration file defines the structure and behavior of the RBAC system. It consists of several sections:

  • Request Definition: Defines the components of a request, typically including subject (user), object (resource), and action.
  • Policy Definition: Defines the structure of policies, specifying the components needed to enforce access control rules.
  • Role Definition: Defines the roles and role hierarchy within the system.
  • Policy Effect: Specifies the effect of policies, whether to allow or deny access.
  • Matchers: Defines the matching logic used to evaluate access control policies.

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && r.act == p.act
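
To make the matcher concrete, the following added example (not from the original page and not Casbin's own code) re-implements its three conditions using only the Go standard library: role resolution for g, a simplified keyMatch2, and the allow-if-any-rule-matches effect. The policy rules, role links, paths and helper names are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is one "p" line; roles holds the "g" links (subject -> roles). All values are constructed samples.
type Rule struct{ Sub, Obj, Act string }

var policies = []Rule{{"admin", "/data/*", "write"}, {"reader", "/data/:id", "read"}}
var roles = map[string][]string{"alice": {"reader"}, "bob": {"admin"}, "admin": {"reader"}}
var param = regexp.MustCompile(`:[^/]+`)

// hasRole stands in for g(r.sub, p.sub): same name, or reachable through role links.
func hasRole(sub, role string, seen map[string]bool) bool {
	if sub == role {
		return true
	}
	seen[sub] = true // guard against cyclic role assignments
	for _, r := range roles[sub] {
		if !seen[r] && hasRole(r, role, seen) {
			return true
		}
	}
	return false
}

// keyMatch2 is a simplified stand-in: ":name" matches one path segment, "/*" the rest.
func keyMatch2(key, pattern string) bool {
	pattern = strings.ReplaceAll(pattern, "/*", "/.*")
	pattern = param.ReplaceAllString(pattern, "[^/]+")
	ok, err := regexp.MatchString("^"+pattern+"$", key)
	return err == nil && ok
}

// Enforce evaluates the page's matcher; with no matching rule the answer is deny.
func Enforce(sub, obj, act string) bool {
	for _, p := range policies {
		if hasRole(sub, p.Sub, map[string]bool{}) && keyMatch2(obj, p.Obj) && act == p.Act {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println(Enforce("bob", "/data/1", "read"), Enforce("alice", "/data/1", "write"))
}
```

Here bob can read through the inherited reader role, while alice is denied write because no rule matches her for that action.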

Setting up the PostgreSQL Database

To persist data and manage user roles and permissions, we utilize a PostgreSQL database. Docker provides an easy way to set up and manage PostgreSQL instances.

Docker Setup

docker run --name casbin-postgres -e POSTGRES_PASSWORD=samir -p 5432:5432 -d postgres

This command starts a PostgreSQL container named "casbin-postgres", sets the password of the default postgres user to "samir", and publishes port 5432 on the host.

Utilizing GORM ORM and Casbin Adapter

GORM is a popular ORM library for Go, offering robust database operations and schema management. We leverage GORM for interacting with the PostgreSQL database.

Initializing Database Connection

dsn := "user=postgres password=samir dbname=casbin host=localhost port=5432 sslmode=disable"
DB, err = gorm.Open(postgres.Open(dsn), &gorm.Config{})

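We connect to the PostgreSQL database using GORM and the provided DSN (Data Source Name). The sslmode=disable setting turns off TLS for the connection, which suits a local development database like the one started above.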

Casbin Adapter Configuration

Casbin provides adapters to integrate with various databases. We use the GORM adapter to store Casbin policy data in PostgreSQL.

a, err := gormadapter.NewAdapter("postgres", dsn, true)
e, err := casbin.NewEnforcer("casbin/rbac_model.conf", a)

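The GORM adapter is initialized with the PostgreSQL DSN, and then a Casbin enforcer is created using the RBAC model configuration file and the adapter. The third argument, true, indicates that the DSN already names the database to use. Both calls return an error that should be checked before the enforcer is used.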

Enforcing Policies

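// Enforce returns (allowed bool, err error); an error must never be read as "allowed".
ok, err := e.Enforce("alice", "data1", "read")
if err != nil {
    log.Fatalf("enforce failed: %v", err)
}
if ok {
    fmt.Println("alice can read data1")
} else {
    fmt.Println("alice can't read data1")
}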

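In this example, the "alice" user can read data1, provided the policy store contains a rule that grants it, either to alice directly or to a role she holds. With no matching rule, Enforce returns false and access is denied.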

Conclusion

In this guide, we have introduced the basics of RBAC in Casbin. We have also demonstrated how to use Casbin in a Go application.