Hacker News
by caipre 3377 days ago
Definitely going to be looking more into this. I am just about to start a project that needs ACLs, and I was surprised to find that I was going to have to write a solution myself.

In case I just missed them, are there some comparable projects to this? Is there an established library in the space?

3 comments

We are using https://github.com/mikespook/gorbac right now, which works well for us.

But we do not have any multi-tenant requirements.

I have been there many, many times. This is the reason for writing that library, because there are no good solutions that cover 99% of your cases. RBAC is limited, ACL is a managing nightmare, DAC is also limited, and so on. What really hit me were those AWS IAM policies, which are plain beautiful, hence this library.

However, usually major programming languages have some sort of ACL/RBAC module around.

I use a much smaller solution than this which just registers a list of permissions in memory of the form: role x can perform action y on resource z and then offers checks like can.Manage(resource,role). So it avoids the policy docs and just does registration in code, and is a bit simpler. This library offers a lot more obviously, and solves a broader set of access problems, but depending on your needs the solution can be really simple and you might be better to write it yourself in one file and avoid another dependency.
That's more or less the situation I'm in, but with multiple applications. The idea is to pull out the "identity x permission x resource" logic so that each new project doesn't need to re-implement it.
Oh yes, I'm using a pkg shared between apps, didn't mean you should rewrite it each time, just that it can be much simpler than the linked pkg. Not aware of any widely used ones, you should release yours at some point if you extract it. The one I'm using is here in case it is of interest: https://github.com/fragmenta/auth/tree/master/can
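
The in-code registry discussed in the thread ("role x can perform action y on resource z"), sketched as an added Go example; it is not any commenter's code or the API of the linked libraries. All type and function names are hypothetical, and treating a `manage` grant as covering every other action is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// All names here are hypothetical; this is not the API of any linked library.
type Action string

const (
	Update Action = "update"
	Delete Action = "delete"
	Manage Action = "manage" // assumption: manage implies every other action
)

var ErrDenied = errors.New("access denied")

type rule struct {
	role, resource string
	action         Action
}

// Registry holds "role x can perform action y on resource z" grants in memory.
// Assumption: grants are registered at startup, before any concurrent checks.
type Registry struct {
	rules map[rule]bool
}

func NewRegistry() *Registry { return &Registry{rules: make(map[rule]bool)} }

// Allow registers one grant; there is deliberately no way to register a deny.
func (r *Registry) Allow(role string, action Action, resource string) {
	r.rules[rule{role, resource, action}] = true
}

// Can returns nil only for an explicit grant; anything unregistered is denied.
func (r *Registry) Can(role string, action Action, resource string) error {
	if r.rules[rule{role, resource, action}] || r.rules[rule{role, resource, Manage}] {
		return nil
	}
	return fmt.Errorf("%w: %s may not %s %s", ErrDenied, role, action, resource)
}

func main() {
	acl := NewRegistry()
	acl.Allow("editor", Update, "page")
	fmt.Println(acl.Can("editor", Delete, "page")) // denied: never registered
}
```

Because the check returns an error rather than a bool, a caller that forgets to handle it fails closed at the `if err != nil` site instead of silently proceeding.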