A graph based authorization library
permission-graph
Overview
The permissions graph consists of Vertices and Edges.
Vertices
Resource
: a resource with predefined actions requiring authorization
Actor
: an identity that will take actions on resources
Group
: a named collection of Actors
Action
: an action on a resource
Edges
MemberOf
: indicates membership in a collection
Actor -> MemberOf -> Group
Action -> MemberOf -> Resource
Allow
: indicates positive permission to act on a resource
Actor -> Allow -> Action
Group -> Allow -> Action
Action -> Allow -> Action
Deny
: indicates negative permission to act on a resource
Actor -> Deny -> Action
Group -> Deny -> Action
Action -> Deny -> Action
flowchart
Actor -->|MemberOf|Group -->|Deny| Action -->|MemberOf| Resource
Actor -->|Allow| Action -->|Allow| Action2 -->|MemberOf| Resource2
Authorizing Access
Authorization to act on a resource is decided by finding the shortest path between an actor and the action to be performed. If that shortest path is an ALLOW rule, the actor is authorized. If that shortest path is a DENY rule, or if there is no path between the actor and the action, the actor is not authorized.
In the event there is a tie for shortest path, the access will be denied only
if all shortest paths are DENY rules. This behavior can be controlled when
initializing the permission graph via the tie_breaker_policy
parameter.
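The decision rule described above, as an added Python sketch that is not the permission-graph library's code or API. It assumes that any Deny edge on a path makes that path a DENY path; the class name, `deny_on_tie` (a stand-in for `tie_breaker_policy`, whose accepted values the page does not list) and the sample vertices are made up for illustration.

```python
from collections import defaultdict

ALLOW, DENY, MEMBER_OF = "Allow", "Deny", "MemberOf"

class ToyPermissionGraph:
    """Sketch of the decision rule only; not the permission-graph API."""
    def __init__(self, deny_on_tie=False):
        # deny_on_tie: hypothetical stand-in for tie_breaker_policy.
        self.deny_on_tie = deny_on_tie
        self.edges = defaultdict(list)  # vertex -> [(edge_type, vertex)]

    def shortest_path_verdicts(self, actor, action):
        """Verdicts (ALLOW/DENY) found among all shortest actor->action paths."""
        # Breadth-first over (vertex, saw_deny) states, one hop per round.
        # Assumption: any Deny edge on a path makes it a DENY path.
        frontier, seen = {(actor, False)}, {(actor, False)}
        while frontier:
            hits = {DENY if denied else ALLOW
                    for vertex, denied in frontier if vertex == action}
            if hits:
                return hits  # first round reaching the action is the shortest
            frontier = {(dst, denied or kind == DENY)
                        for vertex, denied in frontier
                        for kind, dst in self.edges.get(vertex, ())} - seen
            seen |= frontier
        return set()  # the action is unreachable

    def is_authorized(self, actor, action):
        verdicts = self.shortest_path_verdicts(actor, action)
        if verdicts == {ALLOW, DENY}:  # tie between shortest paths
            return not self.deny_on_tie
        return verdicts == {ALLOW}  # empty set (no path) is denied

def build_sample(deny_on_tie=False):
    """Constructed sample graph; every name here is made up."""
    g = ToyPermissionGraph(deny_on_tie)
    for src, kind, dst in [
        ("alice", MEMBER_OF, "contractors"),
        ("alice", ALLOW, "doc:read"),
        ("alice", ALLOW, "doc:edit"),
        ("doc:edit", ALLOW, "doc:comment"),    # Action -> Allow -> Action
        ("contractors", DENY, "doc:delete"),
        ("contractors", DENY, "doc:comment"),  # ties with the allow path
        ("bob", MEMBER_OF, "staff"),
        ("staff", ALLOW, "doc:read"),
        ("bob", DENY, "doc:read"),             # direct deny beats group allow
    ]:
        g.edges[src].append((kind, dst))
    return g
```

In the sample, `alice` reaches `doc:comment` by one two-hop ALLOW path and one two-hop DENY path, so the outcome flips with the tie setting, while `bob`'s one-hop Deny on `doc:read` wins over the two-hop Allow through `staff`.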
Hashes for permission_graph-0.1.0a1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 81905e7c2bea7ab9a97d386dcb1b8b5d0e1a90c01b224e1d1159eb0b10a6bda2
MD5 | 2fe59be759b5320b654fc59f1a3e28c6
BLAKE2b-256 | 7ca71bad1c0576305ad99974210f26dcf7e81500b98089364e549907e0e9ef72