typesec-rbac 0.2.0

RBAC policy engine for typesec — YAML → typed enforcement

Coverage
100%
21 out of 21 items documented0 out of 9 items with examples
Size
Source code size: 26.25 kB This is the summed size of all the files inside the crates.io package for this release.
Documentation size: 663.33 kB This is the summed size of all files generated by rustdoc for all configured targets
Ø build duration
this release: 10s Average build duration of successful builds.
all releases: 11s Average build duration of successful builds in releases after 2024-10-23.
Links
querygraph/typesec
5 3 0
crates.io
Dependencies
Versions
Owners

typesec-rbac

Role-Based Access Control from YAML → typed policy enforcement.

YAML → Types → Compile-time Safety

The pipeline has two phases:

Runtime: Parse the YAML policy, build an [RbacEngine] that implements [PolicyEngine]. This handles dynamic role assignments and resource globs that can't be known at compile time.
Codegen (optional, via typesec generate): Emit Rust source code with concrete role structs and Permission impls. These let the compiler verify that your code uses permissions that actually exist in the policy file.

YAML Schema

roles:
  - name: analyst
    permissions: [read, read_sensitive]
    resources: ["reports/*", "metrics/*"]
  - name: admin
    inherits: [analyst]
    permissions: [write, delete, delegate]
    resources: ["*"]

assignments:
  - subject: "agent:data-pipeline"
    roles: [analyst]