Supported models

1. ACL (Access Control List)
2. ACL with superuser
3. ACL without users: especially useful for systems that don't have authentication or user log-ins.
4. ACL without resources: some scenarios may target for a type of resources instead of an individual resource by using permissions like write-article, read-log. It doesn't control the access to a specific article or log.
5. RBAC (Role-Based Access Control)
6. RBAC with resource roles: both users and resources can have roles (or groups) at the same time.
7. RBAC with domains/tenants: users can have different role sets for different domains/tenants.
8. ABAC (Attribute-Based Access Control): syntax sugar like resource.Owner can be used to get the attribute for a resource.
9. Graphql support .
10. Deny-override: both allow and deny authorizations are supported, deny overrides the allow.
11. Priority: the policy rules can be prioritized like firewall rules.

Get started

1. npm install
2. npm start