← Back to all products

RBAC System

$10

Role-based access control with hierarchical roles, granular permissions, and deny-override policies.

📁 9 files
JSONMarkdownPython

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 9 files

rbac-system/ ├── LICENSE ├── README.md ├── examples/ │ └── config.example.json ├── free-sample.zip ├── guide/ │ ├── 01_rbac-system.md │ ├── 02_features.md │ └── 03_quick-start.md ├── index.html └── src/ └── main.py

📖 Documentation Preview README excerpt

RBAC System

Role-based access control with hierarchical roles, granular permissions, deny-override policies, and enforcement engine. Zero dependencies.

Part of the Auth Vault toolkit by [CodeVault](https://codevault.dev).

Features

  • Hierarchical roles with inheritance (admin > editor > viewer)
  • Granular permissions: resource:action format (e.g., posts:write)
  • Wildcard permissions: posts:* grants all actions on posts
  • Deny-override: explicit DENY rules beat any ALLOW rule
  • Resource-level policies with condition evaluation
  • JSON-based policy storage with thread-safe read/write
  • CLI tool for role assignment, permission checks, and policy management
  • Zero dependencies — Python stdlib only

Quick Start


# Create roles and permissions
python3 src/main.py create-role --name editor --inherits viewer \
    --permissions "posts:write" "posts:delete" "media:upload"

# Assign a role to a user
python3 src/main.py assign --user user123 --role editor

# Check a permission
python3 src/main.py check --user user123 --permission posts:write

# List all roles
python3 src/main.py list-roles

# List permissions for a role (including inherited)
python3 src/main.py list-perms --role editor

Using as a Library


from main import RBACManager

rbac = RBACManager()

# Define roles
rbac.create_role("viewer", permissions=["posts:read", "comments:read"])
rbac.create_role("editor", inherits=["viewer"],
                 permissions=["posts:write", "posts:delete"])
rbac.create_role("admin", inherits=["editor"], permissions=["*"])

# Assign roles
rbac.assign_role("user123", "editor")

# Check permissions
allowed = rbac.check("user123", "posts:write")    # True (direct)
allowed = rbac.check("user123", "posts:read")     # True (inherited from viewer)
allowed = rbac.check("user123", "users:delete")   # False (not in scope)

Permission Format

... continues with setup instructions, usage examples, and more.

📄 Code Sample .py preview

src/main.py #!/usr/bin/env python3 """ RBAC System — Role-Based Access Control with Policy Enforcement ================================================================ A complete role-based access control system with hierarchical roles, granular permissions, resource-level policies, and an enforcement engine. Design philosophy: Deny by default. Every access request must match an explicit ALLOW rule, and any DENY rule overrides all ALLOW rules. This is the safest default for security-critical systems. Zero dependencies. Import or run as CLI. Part of the Auth Vault toolkit by DataNest. License: MIT """ from __future__ import annotations import json import logging import os import threading from dataclasses import dataclass, field, asdict from datetime import datetime, timezone from pathlib import Path from typing import Any # --------------------------------------------------------------------------- # Configuration # --------------------------------------------------------------------------- POLICY_FILE = Path("./rbac_policies.json") logging.basicConfig( level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s", datefmt="%Y-%m-%dT%H:%M:%S", ) logger = logging.getLogger("rbac-system") # --------------------------------------------------------------------------- # Data Models # --------------------------------------------------------------------------- @dataclass class Permission: """A single permission: resource:action pair. # ... 503 more lines ...
Buy Now — $10 Back to Products