$10
RBAC System
Role-based access control with hierarchical roles, granular permissions, and deny-override policies.
JSON, Markdown, Python
📁 File Structure 9 files
rbac-system/
├── LICENSE
├── README.md
├── examples/
│ └── config.example.json
├── free-sample.zip
├── guide/
│ ├── 01_rbac-system.md
│ ├── 02_features.md
│ └── 03_quick-start.md
├── index.html
└── src/
    └── main.py
📖 Documentation Preview README excerpt
RBAC System
Role-based access control with hierarchical roles, granular permissions, deny-override policies, and enforcement engine. Zero dependencies.
Part of the Auth Vault toolkit by [CodeVault](https://codevault.dev).
Features
- Hierarchical roles with inheritance (admin > editor > viewer)
- Granular permissions: resource:action format (e.g., posts:write)
- Wildcard permissions: posts:* grants all actions on posts
- Deny-override: explicit DENY rules beat any ALLOW rule
- Resource-level policies with condition evaluation
- JSON-based policy storage with thread-safe read/write
- CLI tool for role assignment, permission checks, and policy management
- Zero dependencies — Python stdlib only
Quick Start
# Create roles and permissions
python3 src/main.py create-role --name editor --inherits viewer \
    --permissions "posts:write" "posts:delete" "media:upload"
# Assign a role to a user
python3 src/main.py assign --user user123 --role editor
# Check a permission
python3 src/main.py check --user user123 --permission posts:write
# List all roles
python3 src/main.py list-roles
# List permissions for a role (including inherited)
python3 src/main.py list-perms --role editor
Using as a Library
from main import RBACManager
rbac = RBACManager()
# Define roles
rbac.create_role("viewer", permissions=["posts:read", "comments:read"])
rbac.create_role("editor", inherits=["viewer"],
                 permissions=["posts:write", "posts:delete"])
rbac.create_role("admin", inherits=["editor"], permissions=["*"])
# Assign roles
rbac.assign_role("user123", "editor")
# Check permissions
allowed = rbac.check("user123", "posts:write") # True (direct)
allowed = rbac.check("user123", "posts:read") # True (inherited from viewer)
allowed = rbac.check("user123", "users:delete") # False (not in scope)
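The library snippet above exercises inheritance only. The following added example (not code from src/main.py or from the Auth Vault toolkit) shows how inheritance, wildcards and deny-override combine in a single decision. The policy layout, the "contractor" role, the user names and every function name are assumptions made for illustration.

```python
# Added example: NOT the product's src/main.py. Policy layout, the "contractor"
# role, user names and all function names are assumptions for illustration.
from __future__ import annotations

# Constructed sample policy: role -> parent roles, ALLOW patterns, DENY patterns.
ROLES: dict[str, dict[str, list[str]]] = {
    "viewer": {"inherits": [], "allow": ["posts:read", "comments:read"], "deny": []},
    "editor": {"inherits": ["viewer"], "allow": ["posts:*", "media:upload"], "deny": []},
    "contractor": {"inherits": ["editor"], "allow": [], "deny": ["posts:delete"]},
    "admin": {"inherits": ["editor"], "allow": ["*"], "deny": []},
}
ASSIGNMENTS: dict[str, list[str]] = {
    "alice": ["admin"], "bob": ["contractor"], "carol": ["viewer"],
    "dave": ["admin", "contractor"],
}


def matches(pattern: str, permission: str) -> bool:
    """Match 'resource:action' against a pattern; '*' may replace either half."""
    if pattern == "*":
        return True
    p_res, _, p_act = pattern.partition(":")
    res, _, act = permission.partition(":")
    return p_res in ("*", res) and p_act in ("*", act)


def effective_roles(names: list[str], seen: set[str] | None = None) -> set[str]:
    """Expand inheritance; the 'seen' set stops cycles, unknown roles are ignored."""
    seen = set() if seen is None else seen
    for name in names:
        if name not in seen and name in ROLES:
            seen.add(name)
            effective_roles(ROLES[name]["inherits"], seen)
    return seen


def check(user: str, permission: str) -> bool:
    """Deny by default; any matching DENY beats every ALLOW, wildcards included."""
    rules = [ROLES[r] for r in effective_roles(ASSIGNMENTS.get(user, []))]
    if any(matches(p, permission) for r in rules for p in r["deny"]):
        return False
    return any(matches(p, permission) for r in rules for p in r["allow"])


if __name__ == "__main__":
    for user, perm in [("bob", "posts:write"), ("bob", "posts:delete"),
                       ("dave", "posts:delete"), ("carol", "posts:write")]:
        print(f"{user:6} {perm:14} -> {'ALLOW' if check(user, perm) else 'DENY'}")
```

The case to watch is dave: holding admin alongside contractor does not restore posts:delete, because the DENY is evaluated across all effective roles before any ALLOW is considered.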
Permission Format
... continues with setup instructions, usage examples, and more.
📄 Code Sample .py preview
src/main.py
#!/usr/bin/env python3
"""
RBAC System — Role-Based Access Control with Policy Enforcement
================================================================
A complete role-based access control system with hierarchical roles,
granular permissions, resource-level policies, and an enforcement engine.
Design philosophy: Deny by default. Every access request must match an
explicit ALLOW rule, and any DENY rule overrides all ALLOW rules.
This is the safest default for security-critical systems.
Zero dependencies. Import or run as CLI.
Part of the Auth Vault toolkit by DataNest.
License: MIT
"""
from __future__ import annotations
import json
import logging
import os
import threading
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from pathlib import Path
from typing import Any
# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------
POLICY_FILE = Path("./rbac_policies.json")
logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s [%(levelname)s] %(message)s",
    datefmt="%Y-%m-%dT%H:%M:%S",
)
logger = logging.getLogger("rbac-system")
# ---------------------------------------------------------------------------
# Data Models
# ---------------------------------------------------------------------------
@dataclass
class Permission:
    """A single permission: resource:action pair.
# ... 503 more lines ...