@radzor/rbac

Role-Based Access Control with hierarchical roles, fine-grained permissions, and wildcard matching. Supports role inheritance and permission auditing for server-side authorization.

Authenticationv0.1.0typescriptpythonServerrbacauthorizationpermissionsrolesaccess-controlsecurityby Radzor

Install

View source on GitHub →

$npx radzor@latest add rbac

⚠ Constraints: Roles and user assignments are in-memory; persist externally for production. Wildcard permissions (e.g. 'posts:*') match all sub-permissions. Circular role inheritance is detected and prevented.

Inputs

Name	Type	Default	Description
roles	RoleDefinition[]	—	Initial role definitions with permissions and inheritance.
separator	string	:	Separator character for hierarchical permission strings (e.g. 'posts:write').

rolesRoleDefinition[]

Initial role definitions with permissions and inheritance.

separatorstring

Separator character for hierarchical permission strings (e.g. 'posts:write').

default: :

Outputs

Name	Type	Description
authorizationResult

{ "llm": { "constraints": "Roles and user assignments are in-memory; persist externally for production. Wildcard permissions (e.g. 'posts:*') match all sub-permissions. Circular role inheritance is detected and prevented.", "usageExamples": "llm/examples.md", "integrationPrompt": "llm/integration.md" }, "name": "@radzor/rbac", "tags": [ "rbac", "authorization", "permissions", "roles", "access-control", "security" ], "events": [ { "name": "onAccessDenied", "payload": { "roles": "string[]", "userId": "string", "permission": "string" }, "description": "Fired when a permission check fails." } ], "inputs": [ { "name": "roles", "type": "RoleDefinition[]", "required": false, "description": "Initial role definitions with permissions and inheritance." }, { "name": "separator", "type": "string", "default": ":", "required": false, "description": "Separator character for hierarchical permission strings (e.g. 'posts:write')." } ], "radzor": "1.0.0", "actions": [ { "name": "checkPermission", "params": [ { "name": "userId", "type": "string", "description": "User identifier." }, { "name": "permission", "type": "string", "description": "Permission string to check (e.g. 'posts:write')." } ], "returns": "AuthorizationResult", "description": "Check if a user has a specific permission through their assigned roles." }, { "name": "assignRole", "params": [ { "name": "userId", "type": "string", "description": "User identifier." }, { "name": "role", "type": "string", "description": "Role name to assign." } ], "returns": "void", "description": "Assign a role to a user." }, { "name": "removeRole", "params": [ { "name": "userId", "type": "string", "description": "User identifier." }, { "name": "role", "type": "string", "description": "Role name to remove." } ], "returns": "void", "description": "Remove a role from a user." }, { "name": "defineRole", "params": [ { "name": "name", "type": "string", "description": "Unique role name." }, { "name": "permissions", "type": "string[]", "description": "List of permission strings." }, { "name": "inherits", "type": "string[]", "required": false, "description": "Roles this role inherits from." } ], "returns": "void", "description": "Define or redefine a role with its permissions and optional inheritance." }, { "name": "listPermissions", "params": [ { "name": "userId", "type": "string", "description": "User identifier." } ], "returns": "string[]", "description": "List all effective permissions for a user, including inherited ones." } ], "outputs": [ { "name": "authorizationResult", "type": "AuthorizationResult", "fields": [ { "name": "allowed", "type": "boolean", "description": "Whether the permission check passed." }, { "name": "role", "type": "string | null", "description": "Role that granted the permission, or null if denied." }, { "name": "permissions", "type": "string[]", "description": "All effective permissions for the checked role chain." } ], "description": "Result of a permission check." } ], "runtime": "server", "version": "0.1.0", "category": "auth", "languages": [ "typescript", "python" ], "description": "Role-Based Access Control with hierarchical roles, fine-grained permissions, and wildcard matching. Supports role inheritance and permission auditing for server-side authorization.", "dependencies": { "radzor": [], "packages": {} }, "composability": { "connectsTo": [ { "event": "onAccessDenied", "description": "Log unauthorized access attempts", "compatibleWith": [ "@radzor/error-tracker.action.captureMessage.message", "@radzor/log-aggregator.action.warn.message", "@radzor/event-tracker.action.track.eventName" ] }, { "output": "authorizationResult", "mapField": "allowed", "compatibleWith": [ "@radzor/log-aggregator.action.info.message" ] } ] } }

@radzor/rbac

Install

Inputs

Outputs

Actions

Events

Composability

radzor.manifest.json