2023-12-08 16:05:32 +01:00
This library implements a in-memory relationship-based access control dababase, that was inspired by [Google's Zanzibar ](https://research.google/pubs/pub48190/ ).
# Naming
2023-12-08 16:26:21 +01:00
## `Object`
A `Object` is a tuple of the values (`namespace`, `id` ).
2023-12-08 16:05:32 +01:00
It represents a object like a user.
Example: (`users`, `alice` ).
2023-12-08 16:26:21 +01:00
## `Set`
A `Set` is a tuple of the values (`namespace`, `id` , `permission` ).
It represents a permission for a `Object` .
2023-12-08 16:05:32 +01:00
Example: (`files`, `foo.pdf` , `read` ).
# Usage
The `RelationGraph` -struct contains a graph of all relationships.
Relationships can be created between:
2023-12-08 16:26:21 +01:00
- `Object` and `Set` => user alice can read the file foo.pdf.
- `Set` and `Set` => everyone who can read the file foo.pdf can read the file bar.pdf.
2023-12-08 16:05:32 +01:00
# Specials
- The `*` -id is used as a wildcard id to create a virtual relation from this id to every other id in the namespace.
Example: (`user`, `alice` ) -> (`file`, `*` , `read` ) => user alice can read every file
# Roadmap
- [ ] implement raft protocol to allow ha deployment
# Server
A basic gRPC based server for interacting with the database can be found in the git repository.
# Contributing
I'm happy about any contribution in any form.
Feel free to submit feature requests and bug reports using a GitHub Issue.
PR's are also appreciated.
# License
This Library is licensed under [LGPLv3 ](https://www.gnu.org/licenses/lgpl-3.0.en.html ).
