Top 10 Go Abac Projects

casbin

38 16,791 7.3 Go

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

Project mention: A guide to Auth & Access Control in web apps 🔐 | dev.to | 2023-11-07

https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is authN and authZ provider.
spicedb

38 4,451 9.7 Go

Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications

Project mention: How do you manage transactions in Go? Do we really need to use one transaction for each request? | /r/golang | 2023-06-02

Have you taken a look at SpiceDB? The Authzed blog has a few posts that are useful to improving your understanding -- I can think of two: New Enemies and Writing relationships to SpiceDB.
InfluxDB

www.influxdata.com
sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
warrant

39 968 9.1 Go

Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.

Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05

Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.
topaz

9 966 9.5 Go

Cloud-native authorization for modern applications and APIs (by aserto-dev)

Project mention: Open Policy Agent | news.ycombinator.com | 2024-03-12

OPA is a great tool for implementing a policy-as-code system. But if you're trying to use it for application authorization (e.g. fine-grained authz for B2B SaaS or a set of internal applications), you may find that its policy story is strong, but it doesn't really have a "data plane": you either store data in a data.json file and rebuild the policy any time that data changes, or make an http.send call out of the policy to fetch dynamic data.
Check out Topaz [0], which uses OPA as its decision engine, but adds a data plane that is based on the ReBAC ideas explored in the Google Zanzibar [1] paper.
Disclaimer: I work on the team [2] that builds and maintains the Topaz project.
[0] https://www.topaz.sh
[1] https://research.google/pubs/zanzibar-googles-consistent-glo...
[2] https://www.aserto.com
casbin-server

3 295 5.2 Go

Casbin as a Service (CaaS)
authz

7 226 6.3 Go

🛡️ Authorization backend that comes with a UI for RBAC and ABAC permissions
restrict

1 38 0.0 Go

RBAC/ABAC authorization library for Go.
WorkOS

workos.com
sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
k8s-gatekeeper

1 35 2.9 Go

Kubernetes (k8s) admission controller webhook based on Casbin
json-adapter

2 16 0.0 Go

JSON adapter for Casbin

Project mention: Cerbos v0.27 released! Do not reinvent user permissions | /r/golang | 2023-06-08

Functionality wise, looks similar to https://github.com/Permify/permify and https://github.com/casbin/casbin. Nice addition to the authz list !!
chi-authz

2 1 3.5 Go

Chi Authorization Middleware based on Casbin

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-03-12.