Multi-tenant RBAC authorization library.
This crate provides strongly typed identifiers, permission parsing and matching,
and a pluggable async store interface. The default behavior is deny-by-default.
Use Engine for authorization and Scope for resource scoping.
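
The deny-by-default behavior described above, shown as a self-contained model added here (std only; it is not rs_tenant's code or API). The `Verdict` and `Grants` types, the `[a-z0-9_]` character rule, and the sample tenant and principal names are assumptions of this sketch.

```rust
use std::collections::{HashMap, HashSet};

/// Outcome of a check in this model (hypothetical; not the crate's `Decision`).
#[derive(Debug, PartialEq)]
enum Verdict { Allow, Deny }

/// Strict `resource:action` parse. Assumed rule: exactly two non-empty parts,
/// each limited to [a-z0-9_], so wildcards and extra segments are rejected.
fn parse_permission(s: &str) -> Option<(String, String)> {
    let (res, act) = s.split_once(':')?;
    let ok = |p: &str| !p.is_empty()
        && p.bytes().all(|b| b.is_ascii_lowercase() || b.is_ascii_digit() || b == b'_');
    if ok(res) && ok(act) { Some((res.to_string(), act.to_string())) } else { None }
}

/// Grants keyed by (tenant, principal): a grant held in one tenant can never
/// satisfy a check made against another tenant.
#[derive(Default)]
struct Grants {
    active_tenants: HashSet<String>,
    by_subject: HashMap<(String, String), HashSet<(String, String)>>,
}

impl Grants {
    /// Records a grant; returns false and stores nothing if `perm` is malformed.
    fn grant(&mut self, tenant: &str, principal: &str, perm: &str) -> bool {
        let p = match parse_permission(perm) { Some(p) => p, None => return false };
        self.active_tenants.insert(tenant.to_string());
        self.by_subject.entry((tenant.to_string(), principal.to_string())).or_default().insert(p);
        true
    }
    fn deactivate(&mut self, tenant: &str) { self.active_tenants.remove(tenant); }
    /// Allow only if the permission parses, the tenant is active, and an exact
    /// grant exists for this (tenant, principal) pair; everything else is Deny.
    fn authorize(&self, tenant: &str, principal: &str, perm: &str) -> Verdict {
        let granted = parse_permission(perm).map_or(false, |p| {
            self.active_tenants.contains(tenant)
                && self.by_subject.get(&(tenant.to_string(), principal.to_string()))
                    .map_or(false, |set| set.contains(&p))
        });
        if granted { Verdict::Allow } else { Verdict::Deny }
    }
}

fn main() {
    let mut g = Grants::default();
    g.grant("tenant_1", "user_1", "invoice:read"); // constructed sample data
    println!("{:?}", g.authorize("tenant_2", "user_1", "invoice:read")); // prints Deny
}
```
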
§Examples
Basic authorization flow using the in-memory store (enable memory-store):

```rust
use rs_tenant::{EngineBuilder, Permission, PrincipalId, TenantId};
use rs_tenant::MemoryStore;

// Build an engine backed by the in-memory store.
let store = MemoryStore::new();
let engine = EngineBuilder::new(store).build();

// Identifiers and permissions are validated when they are constructed.
let tenant = TenantId::try_from("tenant_1").unwrap();
let principal = PrincipalId::try_from_parts("employee", "user_1").unwrap();
let permission = Permission::try_from("invoice:read").unwrap();

// The result is discarded here; real callers must inspect it.
let _ = engine.authorize(tenant, principal, permission);
```

Creating a process-local cache (enable memory-cache):

```rust
use rs_tenant::MemoryCache;
use std::time::Duration;

let cache = MemoryCache::new(1024).with_ttl(Duration::from_secs(30));
```

Structs§
- DefaultPermissionValidator - Default strict permission validator.
- Engine - RBAC engine with pluggable store and optional cache.
- EngineBuilder - Builder for Engine.
- GlobalRoleId - Global role identifier.
- NoCache - No-op cache implementation.
- Permission - Permission string wrapper (resource:action).
- PrincipalId - Principal identifier.
- ResourceName - Resource name used for scope checks.
- RoleId - Role identifier.
- ScopePath - Hierarchical scope path used by resource-level access checks.
- TenantId - Tenant identifier.
Enums§
- Decision - Authorization decision.
- Error - Errors returned by this crate.
- Scope - Scope result for resource filtering.
Traits§
- Cache - Cache interface for effective permissions.
- GlobalRoleStore - Store interface for global roles.
- PermissionValidator - Permission validator interface for custom rules.
- RoleStore - Store interface for tenant-scoped roles.
- ScopeStore - Store interface for hierarchical scope checks.
- Store - Composite store trait.
- TenantStore - Store interface for tenant and principal activation.
Type Aliases§
- Result - Crate result type.
- StoreError - Store-layer error type.