abac-engine
Zero-dependency ABAC policy evaluation engine. The Policy Decision Point (PDP) for your authorization system.
What is ABAC?
Attribute-Based Access Control (ABAC) is a flexible authorization model that makes access decisions based on attributes of:
Subject
Who is making the request (user, role, department)
Resource
What is being accessed (document, database, API)
Action
What operation (read, write, delete, update)
Environment
Context (time, location, IP address)
Key Features
Zero Dependencies
Pure JavaScript/TypeScript with no external dependencies. Small bundle size and easy integration.
Fluent API
Intuitive PolicyBuilder and ConditionBuilder for creating policies programmatically.
Attribute Providers
Fetch attributes dynamically from databases, APIs, LDAP, or custom sources.
Audit & Metrics
Built-in audit logging and performance metrics for monitoring and debugging.
Quick Example
import {
ABACEngine,
PolicyBuilder,
ConditionBuilder,
AttributeRef,
CombiningAlgorithm
} from 'abac-engine'
// Create a policy
const policy = PolicyBuilder
.create('document-access')
.version('1.0.0')
.permit()
.description('Users can access their own documents')
.condition(
ConditionBuilder.equals(
AttributeRef.subject('id'),
AttributeRef.resource('ownerId')
)
)
.build()
// Initialize engine
const engine = new ABACEngine({
policies: [policy],
combiningAlgorithm: CombiningAlgorithm.DenyOverrides
})
// Evaluate a request
const decision = await engine.evaluate({
subject: {
id: 'user-123',
attributes: { department: 'Engineering' }
},
resource: {
id: 'doc-456',
attributes: { ownerId: 'user-123' }
},
action: { id: 'read' }
})
if (decision.decision === 'Permit') {
// Allow access
}Documentation
Ready to Get Started?
Follow our Quick Start guide to build your first ABAC policy in minutes.
Quick Start Guide