# Relationship-Based Authorization Engines

> Search results for `fine-grained authorization service for relationship-based permissions` on awesome-repositories.com. 116 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/fine-grained-authorization-service-for-relationship-based-permissions

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/fine-grained-authorization-service-for-relationship-based-permissions).**

## Results

- [encode/django-rest-framework](https://awesome-repositories.com/repository/encode-django-rest-framework.md) (30,083 ⭐) — Django REST Framework is a toolkit for building standards-compliant web services that map complex data models to structured HTTP responses. It provides a modular architecture for handling the request lifecycle, including authentication, permission checks, and content negotiation. The framework is designed to facilitate the development of robust APIs by transforming complex data types into native formats and validating incoming request payloads against defined schemas.

The project distinguishes itself through a highly modular, class-based design that allows developers to build complex views an
- [casbin/casbin](https://awesome-repositories.com/repository/casbin-casbin.md) (19,848 ⭐) — Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource.

The project distinguishes itself through a hig
- [casdoor/casdoor](https://awesome-repositories.com/repository/casdoor-casdoor.md) (13,814 ⭐) — Casdoor is a centralized identity and access management platform that functions as an OAuth 2.0 authorization server. It provides a comprehensive suite of services for managing user identities, authentication sessions, and access policies across both web and machine-to-machine applications. Built with a decoupled frontend-backend architecture in Go, the platform supports high-concurrency environments and offers a web-based management interface for administrative tasks.

The platform distinguishes itself through its extensive support for federated identity management, allowing integration with
- [getgrav/grav](https://awesome-repositories.com/repository/getgrav-grav.md) (15,395 ⭐) — Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths.

The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
- [sysgears/grain](https://awesome-repositories.com/repository/sysgears-grain.md) (161 ⭐) — Grain
- [anthropics/claude-code](https://awesome-repositories.com/repository/anthropics-claude-code.md) (132,728 ⭐) — Anthropic's terminal-native AI coding agent.
- [openfga/openfga](https://awesome-repositories.com/repository/openfga-openfga.md) (4,793 ⭐) — OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access control. It serves as a centralized authorization service for evaluating access requests and managing relationship tuples across distributed microservices and multi-tenant environments.

The engine combines relationship graphs with attribute-based access control, using the Common Expression Language to evaluate dynamic runtime attributes and conditional access rules. It handles complex hierarchies and nested permissions by traversing chains of associations and parent-child links t
- [jfrolich/authorize](https://awesome-repositories.com/repository/jfrolich-authorize.md) (100 ⭐) — Rule based authorization for Elixir
- [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool.

The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
- [authzed/spicedb](https://awesome-repositories.com/repository/authzed-spicedb.md) (6,781 ⭐) — SpiceDB is a distributed permission store and relationship-based access control system. It provides a scalable database for storing and querying fine-grained authorization relationships, implementing a consistency model inspired by Google Zanzibar to manage access rights across large-scale applications.

The system uses a dedicated schema language to define the rules and logic governing how relationships translate into permissions independently of application code. It functions as a pluggable authorization engine that persists relationship tuples in external relational databases such as Postgr
- [teamhanko/hanko](https://awesome-repositories.com/repository/teamhanko-hanko.md) (8,801 ⭐) — Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols.

The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
- [cakephp/authorization](https://awesome-repositories.com/repository/cakephp-authorization.md) (74 ⭐) — Authorization stack for the CakePHP framework.
- [wdas/relationship-viewer](https://awesome-repositories.com/repository/wdas-relationship-viewer.md) (11 ⭐) — relview is a visualizer for relationships between OpenUSD prims and attributes.
- [falkordb/falkordb](https://awesome-repositories.com/repository/falkordb-falkordb.md) (3,437 ⭐) — FalkorDB is a high-performance graph database management system and vector graph database. It serves as a knowledge graph construction tool and a GraphRAG knowledge store, integrating structured property graphs with vector search to provide grounded context for large language models. The engine is designed as a multi-tenant graph engine, capable of hosting thousands of isolated datasets within a single instance.

The system distinguishes itself by using linear algebra for query execution, treating relationship tensors as matrix multiplications to achieve low-latency multi-hop traversals. It ut
- [avelino/awesome-go](https://awesome-repositories.com/repository/avelino-awesome-go.md) (175,576 ⭐) — This project serves as a comprehensive language ecosystem index, functioning as a centralized, community-curated directory for the Go programming language. It organizes a vast landscape of software components, libraries, and development tools into a structured, navigable hierarchy, enabling developers to efficiently discover resources tailored to specific functional domains.

The repository distinguishes itself through a decentralized contribution model, where community-driven updates ensure the index remains current with the rapidly evolving software landscape. Beyond simple resource listing,
- [delba/permission](https://awesome-repositories.com/repository/delba-permission.md) (2,892 ⭐) — A unified API to ask for permissions on iOS
- [directus/directus](https://awesome-repositories.com/repository/directus-directus.md) (36,030 ⭐) — Directus is a headless content platform that functions as a backend service, automatically generating REST and GraphQL APIs by performing introspection on existing SQL database schemas. It serves as a unified data orchestration layer, decoupling content management from frontend delivery while providing a secure, stateless gateway for database transactions.

The platform distinguishes itself through a granular role-based access control engine that enforces security policies at the field level across all API endpoints. It includes a visual, low-code administrative dashboard that allows non-techn
- [xyproto/permissions](https://awesome-repositories.com/repository/xyproto-permissions.md) (12 ⭐) — Middleware for keeping track of users, login states and permissions
- [ory/keto](https://awesome-repositories.com/repository/ory-keto.md) (5,270 ⭐) — Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration.

Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr
- [expo/expo](https://awesome-repositories.com/repository/expo-expo.md) (50,111 ⭐) — Expo is a universal mobile framework designed to build native iOS and Android applications from a single codebase using web-standard technologies. It provides a comprehensive development environment that includes a unified runtime for testing, cloud-based infrastructure for compiling and signing native binaries, and automated tools for managing the entire mobile release lifecycle, including app store submission.

The framework distinguishes itself through a plugin-based native configuration engine that programmatically modifies project files, allowing developers to integrate native modules wit
- [ory/kratos](https://awesome-repositories.com/repository/ory-kratos.md) (13,455 ⭐) — Kratos is a centralized identity and access management server designed to handle user registration, authentication, and profile management. It functions as an identity flow orchestrator, managing the state and security of authentication processes across web, mobile, and command-line interfaces. The system provides a standards-compliant authorization server that issues tokens and manages delegated access for third-party applications and internal services, supporting multi-factor authentication and custom identity schemas to secure user accounts.

The project distinguishes itself through a headl
- [0ceanslim/grain](https://awesome-repositories.com/repository/0ceanslim-grain.md) (47 ⭐) — Go Relay Architecture for Implementing Nostr 🌾
- [permify/permify](https://awesome-repositories.com/repository/permify-permify.md) (5,812 ⭐)
- [jparise/flake8-author](https://awesome-repositories.com/repository/jparise-flake8-author.md) (0 ⭐) — Flake8 author Checker
- [fastapi/sqlmodel](https://awesome-repositories.com/repository/fastapi-sqlmodel.md) (18,137 ⭐) — SQLModel is a type-safe object-relational mapping library for Python that integrates database schema definitions with data validation logic. By combining these two roles into a single class, it allows developers to manage relational data structures and enforce data integrity for web APIs simultaneously. The framework is built to support asynchronous database operations, enabling high-performance applications to execute queries and transactions without blocking the main execution thread.

The library distinguishes itself by leveraging Python type hints to provide IDE autocompletion and compile-
- [permissions-dispatcher/permissionsdispatcher](https://awesome-repositories.com/repository/permissions-dispatcher-permissionsdispatcher.md) (11,177 ⭐) — PermissionsDispatcher is a declarative Android API and runtime permission manager. It provides a structured system for requesting and verifying system permissions while separating authorization logic from general business code.

The project focuses on managing the permission request workflow, which includes justifying requests with custom explanations and handling user responses to system prompts. It also functions as a system settings guide, directing users to the manual Android settings menu for special permissions that require approval outside of the application.
- [emcie-co/parlant](https://awesome-repositories.com/repository/emcie-co-parlant.md) (18,119 ⭐) — Parlant is an agentic workflow engine and orchestration framework designed for building conversational AI that adheres to strict behavioral guidelines. It provides a platform for managing multi-turn interactions through state-machine-based logic, allowing developers to define complex, hierarchical conversational flows that can adapt, skip, or revisit steps based on real-time user input.

The framework distinguishes itself through its focus on behavioral governance and observability. It enables developers to define precise domain terminology and enforce instruction compliance through prioritize
- [casibase/casibase](https://awesome-repositories.com/repository/casibase-casibase.md) (4,443 ⭐) — Casibase is an open-source platform that orchestrates multi-turn conversations with large language models and manages retrieval-augmented knowledge bases from a single interface. It provides a unified system for connecting to over 30 AI model providers, ingesting documents into vector embeddings for semantic search, and running autonomous agent loops that can drive a browser, search the web, execute commands, and integrate with external tools.

The platform distinguishes itself by combining AI conversation management with infrastructure and application orchestration capabilities. It includes a
- [filamentphp/filament](https://awesome-repositories.com/repository/filamentphp-filament.md) (31,215 ⭐) — Filament is a full-stack framework for building administrative panels and management interfaces within the Laravel ecosystem. It provides a declarative, component-based architecture that allows developers to construct complex, data-driven applications using server-side configuration objects rather than manual HTML. By inspecting database model structures and relationships, the framework automates the generation of CRUD interfaces, forms, and data tables, significantly reducing boilerplate code.

The project distinguishes itself through a highly modular and extensible design that supports custo
- [kishanjvaghela/ask-permission](https://awesome-repositories.com/repository/kishanjvaghela-ask-permission.md) (78 ⭐) — Ask Permission - Simple RunTime permission manager
- [rustdesk/rustdesk](https://awesome-repositories.com/repository/rustdesk-rustdesk.md) (116,258 ⭐) — RustDesk is a cross-platform remote desktop client that enables users to initiate and receive remote sessions. It provides a complete infrastructure for self-hosted remote access, utilizing a signaling and relay server architecture to maintain connectivity when direct peer-to-peer links are unavailable. The software is designed to function across desktop and mobile environments, offering native remote control, screen sharing, and file management capabilities.

What distinguishes the platform is its centralized administrative control plane, which allows for granular management of security polic
- [hsluoyz/casbin](https://awesome-repositories.com/repository/hsluoyz-casbin.md) (20,189 ⭐) — Casbin is an authorization library designed to manage application access control and permissions through a configurable model-based engine. It serves as a centralized system for verifying whether a user has permission to perform specific actions on a resource.

The engine supports multiple access control models, including Role-Based Access Control, Attribute-Based Access Control, and Access Control Lists. It allows for the definition of role hierarchies and the evaluation of user, resource, and environment attributes to make access decisions.

The library decouples authorization logic from dat
- [emotion-js/emotion](https://awesome-repositories.com/repository/emotion-js-emotion.md) (18,017 ⭐) — This project is a styling library and framework designed for component-based architectures, enabling developers to define and manage visual styles directly within JavaScript or TypeScript. It functions as a styling engine that generates unique class names from style definitions, ensuring encapsulated, predictable, and maintainable visual presentation across applications. By integrating with component logic, it allows for the creation of reusable UI elements with styles defined through template literals or object syntax.

The library distinguishes itself through a comprehensive suite of build-t
- [vintasoftware/django-role-permissions](https://awesome-repositories.com/repository/vintasoftware-django-role-permissions.md) (755 ⭐) — A django app for role based permissions.
- [elabs/pundit](https://awesome-repositories.com/repository/elabs-pundit.md) (8,509 ⭐) — Pundit is a Ruby authorization framework that implements policy-based access control. It maps domain models to dedicated logic classes that determine whether a user is permitted to perform specific actions on data objects.

The framework utilizes plain Ruby objects to decouple authorization logic from the model. It includes mechanisms for data query scoping to filter record collections based on user permissions, as well as attribute-level permission control to restrict which specific model fields a user can modify.

The system provides tools for authorization coverage verification to ensure se
- [spatie/laravel-permission](https://awesome-repositories.com/repository/spatie-laravel-permission.md) (12,911 ⭐) — This is a role-based access control system for Laravel applications that manages user permissions and roles within a database. It provides a database permissions manager to assign specific abilities to users and roles, utilizing authorization gates to restrict access to routes and interface elements.

The project features a wildcard permission system that uses pattern matching to grant broad access across multiple related permissions. It also supports team-scoped access control, allowing users to maintain different roles and permission levels across separate organizational contexts or teams.
- [gam-team/gam](https://awesome-repositories.com/repository/gam-team-gam.md) (4,206 ⭐) — GAM is a command-line tool for administering Google Workspace and Cloud Identity. It translates command-line arguments into structured API calls, enabling administrators to manage users, groups, organizational units, and domain settings across a Google Workspace environment. The tool handles authentication through OAuth2 flows, service accounts, and workload identity federation, and supports multi-tenant configurations for managing multiple domains or cloud projects from a single installation.

GAM distinguishes itself through its batch processing and automation capabilities. It can process la
- [ehmicky/unix-permissions](https://awesome-repositories.com/repository/ehmicky-unix-permissions.md) (143 ⭐) — Swiss Army knife for Unix permissions
- [fingerprintjs/fingerprintjs](https://awesome-repositories.com/repository/fingerprintjs-fingerprintjs.md) (27,334 ⭐) — Fingerprint is a visitor identification and fraud detection platform that generates persistent, unique identifiers by analyzing browser and device attributes. By extracting technical signals from the client environment, it enables reliable user tracking across sessions without relying on traditional cookies.

The platform distinguishes itself through its focus on high-accuracy identification and security-first architecture. It employs edge-side proxying to bypass ad-blockers and privacy restrictions, ensuring consistent data collection. To maintain data integrity, it uses cryptographic payload
- [varvet/pundit](https://awesome-repositories.com/repository/varvet-pundit.md) (8,509 ⭐) — Pundit is an authorization framework for Ruby applications that enforces permissions through plain Ruby policy objects. It maps controller actions to policy methods, automatically inferring which policy class and query method to call based on the action name, and raises a custom exception when access is denied.

The framework distinguishes itself by using plain Ruby classes without external DSLs or configuration files, and by providing a development-time verification guard that raises an error if a controller action runs without an authorization call. It also supports namespace-based policy or
- [alexkhymenko/ngx-permissions](https://awesome-repositories.com/repository/alexkhymenko-ngx-permissions.md) (948 ⭐) — Permission and role-based access control for your Angular (Angular 2, 4, 5, 6, 7, 9+) applications (AOT, lazy modules compatible)
- [lambdalisue/django-permission](https://awesome-repositories.com/repository/lambdalisue-django-permission.md) (303 ⭐) — django-permission
- [refinedev/refine](https://awesome-repositories.com/repository/refinedev-refine.md) (34,906 ⭐) — Refine is a headless framework designed for building data-intensive internal business applications, such as admin panels and dashboards. It provides a core set of hooks and architectural patterns that decouple business logic, authentication, and data operations from the user interface, allowing developers to integrate any design system while maintaining a consistent application structure.

The framework distinguishes itself through a resource-centric approach that automatically maps application views to data entities via centralized configuration. It features a unified data provider interface
- [googlechrome/chrome-extensions-samples](https://awesome-repositories.com/repository/googlechrome-chrome-extensions-samples.md) (17,623 ⭐) — This repository serves as a comprehensive reference library for browser extension development, providing a collection of code samples and implementation patterns. It is designed to help developers understand the requirements for building extensions that adhere to current manifest standards, specifically focusing on the transition to and implementation of version three specifications.

The project provides functional examples for core extension capabilities, including the use of event-driven background service workers, isolated content script injection, and message-passing for inter-process com
- [holms-ur/fine-tuning](https://awesome-repositories.com/repository/holms-ur-fine-tuning.md) (72 ⭐) — Close-Domain fine-tuning for table detection
- [prefecthq/fastmcp](https://awesome-repositories.com/repository/prefecthq-fastmcp.md) (22,994 ⭐) — FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants.

The project distinguishes itself through its support for interactive, server-defined user interface compone
- [aosp-mirror/platform_frameworks_base](https://awesome-repositories.com/repository/aosp-mirror-platform-frameworks-base.md) (10,812 ⭐) — This project provides the core framework and system API layer for the Android operating system. It consists of the fundamental Java and C++ libraries that define system behavior and establish the interface contracts required for system applications and hardware abstraction.

The project includes a runtime optimizer used to reduce startup time and improve execution speed by pre-compiling methods and configuring boot images. It also features a software quality toolchain that enforces code formatting, audits commit metadata, and manages API compatibility to ensure stable interface contracts acros
- [anomalyco/opencode](https://awesome-repositories.com/repository/anomalyco-opencode.md) (175,152 ⭐) — OpenCode is a framework for orchestrating autonomous AI agents within development environments. It provides a multi-tiered architecture where primary assistants manage user interaction while specialized subagents handle specific tasks like planning, research, and code generation. The system includes a comprehensive command-line interface for managing these workflows, configuring agent behavior, and defining custom tools or commands through metadata-rich files.

The platform features a modular plugin system and extensive integration support, including standardized protocols for connecting local
- [levart/ngx-signal-permissions](https://awesome-repositories.com/repository/levart-ngx-signal-permissions.md) (4 ⭐) — A modern, signal-based Angular library for managing permissions and roles with full TypeScript support.
- [linkerd/linkerd2](https://awesome-repositories.com/repository/linkerd-linkerd2.md) (11,424 ⭐) — This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes.

The platform distinguishes itself through its focus on zero-trust security and cross-clu
