{"id":3429,"library":"casbin","title":"Casbin","description":"Casbin is a powerful and efficient open-source access control library for Python projects. It provides support for enforcing authorization based on various access control models like ACL, RBAC, and ABAC. Authorization models are defined using `.conf` files, and policies are stored in `.csv` files or various database backends via adapters. The library is actively maintained with frequent updates.","status":"active","version":"1.43.0","language":"en","source_language":"en","source_url":"https://github.com/apache/casbin-pycasbin","tags":["authorization","access control","ACL","RBAC","ABAC","permission","security"],"install":[{"cmd":"pip install casbin","lang":"bash","label":"Install core library"}],"dependencies":[],"imports":[{"symbol":"Enforcer","correct":"from casbin import Enforcer"}],"quickstart":{"code":"import casbin\nimport os\n\n# Create a simple model.conf file\nmodel_conf_content = \"\"\"\n[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = r.sub == p.sub && r.obj == p.obj && r.act == p.act\n\"\"\"\n\n# Create a simple policy.csv file\npolicy_csv_content = \"\"\"\np, alice, data1, read\np, bob, data2, write\n\"\"\"\n\n# Save model and policy to temporary files\nwith open(\"model.conf\", \"w\") as f:\n    f.write(model_conf_content)\nwith open(\"policy.csv\", \"w\") as f:\n    f.write(policy_csv_content)\n\ntry:\n    # Initialize the enforcer\n    e = casbin.Enforcer(\"model.conf\", \"policy.csv\")\n\n    # Test enforcement\n    print(f\"Alice can read data1: {e.enforce('alice', 'data1', 'read')}\") # True\n    print(f\"Alice can write data1: {e.enforce('alice', 'data1', 'write')}\") # False\n    print(f\"Bob can read data2: {e.enforce('bob', 'data2', 'read')}\") # False\n    print(f\"Bob can write data2: {e.enforce('bob', 'data2', 'write')}\") # True\n    print(f\"Charlie can read data1: {e.enforce('charlie', 'data1', 'read')}\") # False\nfinally:\n    # Clean up temporary files\n    os.remove(\"model.conf\")\n    os.remove(\"policy.csv\")","lang":"python","description":"This quickstart demonstrates how to initialize a Casbin Enforcer with a basic model and policy, and then use it to check authorization requests. It creates temporary `model.conf` and `policy.csv` files, which define the access control structure and rules respectively. The `enforce` method is then called to determine if a subject (user), object (resource), and action combination is allowed."},"warnings":[{"fix":"Review the Casbin documentation and changelog for PyCasbin v2 regarding custom effector implementations and update your code accordingly.","message":"When upgrading to PyCasbin v2 (which was released with version 0.20.0), custom effectors require a rewrite due to API changes.","severity":"breaking","affected_versions":"0.x.x to 2.x.x (specifically 0.20.0 and above)"},{"fix":"Install the appropriate adapter package, e.g., `pip install casbin-sqlalchemy-adapter` or `pip install casbin-pymongo-adapter`, and configure the `Enforcer` to use it.","message":"The core `casbin` library only includes a default file adapter. For policy persistence in databases (e.g., MySQL, PostgreSQL, MongoDB), you must install a separate, corresponding adapter library.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Implement a separate authentication mechanism (e.g., OAuth, JWT, session management) in your application to verify user identities before passing them to Casbin for authorization checks.","message":"Casbin handles *authorization* (who can do what on which resource) but explicitly *does not* handle authentication (verifying user identity/passwords).","severity":"gotcha","affected_versions":"All versions"},{"fix":"For large policy sets or distributed environments, explore Casbin's filtered policy loading feature or implement a separate caching layer with explicit invalidation to reduce database pressure and ensure policy freshness.","message":"In distributed systems, the `SyncEnforcer`'s periodic policy reloading might lead to temporary inconsistencies or frequent database hits. Consider using filtered policy loading or a robust caching strategy.","severity":"gotcha","affected_versions":"All versions, especially in high-load or distributed environments"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}