Skip to main content

Policy Storage

In Casbin, the policy storage is implemented as an adapter.

Load policy from .CSV file

This is the most common way to use Casbin. It's easy to understand for beginners and convenient for sharing when you ask Casbin team for help.

The content of the .CSV file examples/rbac_policy.csv:

p, alice, data1, read
p, bob, data2, write
p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, data2_admin
note

If your file contains commas, , you should wrap it in double quotes, for example:

p, alice, "data1,data2", read    --correct
p, alice, data1,data2, read --incorrect ("data1,data2" should be a whole)

If your file contains commas, and double quotes", you should enclose the field in double quotes and double any embedded double quotes.

p, alice, data, "r.act in (""get"", ""post"")"        --correct
p, alice, data, "r.act in ("get", "post")" --incorrect (should use "" to escape "")

Related issue: casbin#886

Adapter API

MethodTypeDescription
LoadPolicy()basicLoad all policy rules from the storage
SavePolicy()basicSave all policy rules to the storage
AddPolicy()optionalAdd a policy rule to the storage
RemovePolicy()optionalRemove a policy rule from the storage
RemoveFilteredPolicy()optionalRemove policy rules that match the filter from the storage

Database Storage Format

your policy file

p, data2_admin, data2, read
p, data2_admin, data2, write
g, alice, admin

corresponding database structure (Such as MySQL)

idptypev0v1v2v3v4v5
1pdata2_admindata2read
2pdata2_admindata2write
3galiceadmin

The meaning of each column

  • id: Only exists in the database as the primary key. Not as part of the casbin policy. The way it is generated depends on the specific adapter

  • ptype: It corresponds to p, g, g2, etc.

  • v0-v5: The column names have no specific meaning, and correspond to the values in the policy csv from left to right. The number of columns depends on how many you define yourself. In theory, there can be an infinite number of columns. But generally only 6 columns are implemented in adapter. If it is not enough for you, please submit an issue to the corresponding adapter repository.

Adapter Details

More details about the use of adapter api and database table structure design, Please go to: /docs/adapters