A graph based authorization library
Project description
permission-graph
A graph based authorization library
Overview
The permissions graph consists of Vertices and Edges.
Vertices
Resource: a resource with predefined actions requiring authorizationActor: an identity that will take actions on resourcesGroup: a named collection ofActorsAction: an action on a resource
Edges
MemberOf: indicates membership in a collectionActor -> MemberOf -> GroupAction -> MemberOf -> Resource
Allow: indicates positive permission to act on a resourceActor -> Allow -> ActionGroup -> Allow -> ActionAction -> Allow -> Action
Deny: indicates negative permission to act on a resourceActor -> Deny -> ActionGroup -> Deny -> ActionAction -> Deny -> Action
flowchart
Actor -->|MemberOf|Group -->|Deny| Action -->|MemberOf| Resource
Actor -->|Allow| Action -->|Allow| Action2 -->|MemberOf| Resource2
Authorizing Access
Authorization to act on a resource is decided by finding the shortest path between a actor and the action to be performed. If that shortest path is an ALLOW rule, the actor is authorized. If that shortest path is a DENY rule, or if there is no path between the actor and the action, the actor is not authorized.
In the event there is a tie for shortest path, the access will be denied only
if all shortest paths are DENY rules. This behavior can be controlled when
initializing the permission graph via the tie_breaker_policy parameter.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for permission_graph-0.1.0a1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 81905e7c2bea7ab9a97d386dcb1b8b5d0e1a90c01b224e1d1159eb0b10a6bda2 |
|
| MD5 | 2fe59be759b5320b654fc59f1a3e28c6 |
|
| BLAKE2b-256 | 7ca71bad1c0576305ad99974210f26dcf7e81500b98089364e549907e0e9ef72 |
