New Node.js attribute based access control library

1 point

8 years ago

PolicyLine is a new library for Node.js that implements Attribute Based Access Control. If someone is not familiar with this concept, you can watch a 3-minute video by the National Institute of Standards and Technology at the beginning of the readme file.

https://github.com/YLuchaninov/PolicyLine

Goal: Business is not something static. Over time, business rules become obsolete, so you have to rewrite server code and keep a support team to alter it. This library was written to solve this problem by separating software development and setup of business rules in the application. As a result, the client can independently change access rules and customize business logic of their application without changing its server code, which eliminates the need for DevOps and regression testing whenever the rules are changed.

Key differences from similar libraries: * The rules are based not on roles, but rather on the attributes of four objects: user, environment, action, and resource. Therefore, unlike RBAC, it is much more flexible and allows to implement any business rules. * json-based rules that allow changing access rules without overwriting the source code of the application. * Unlike other access libraries, the rules include conditions that, depending on the result of the calculation, can be compiled into a query to the database.