[grey-area]

I use a much smaller solution than this which just registers a list of permissions in memory of the form: role x can perform action y on resource z and then offers checks like can.Manage(resource,role). So it avoids the policy docs and just does registration in code, and is a bit simpler. This library offers a lot more obviously, and solves a broader set of access problems, but depending on your needs the solution can be really simple and you might be better to write it yourself in one file and avoid another dependency.

[caipre]

That's more or less the situation I'm in, but with multiple applications. The idea is to pull out the "identity x permission x resource" logic so that each new project doesn't need to re-implement it..

[grey-area]

Oh yes, I'm using a pkg shared between apps, didn't mean you should rewrite it each time, just that it can be much simpler than the linked pkg. Not aware of any widely used ones, you should release yours at some point if you extract it. The one I'm using is here in case it is of interest: https://github.com/fragmenta/auth/tree/master/can