Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

Introduction

Provides simple access control based on key+principals (all strings).

Examples

By role:

import kbac

ac = kbac.KBAC()
ac.add("viewer", ["bob", "joe"])
ac.add("manager", ["lucy", "rick"])

print(ac.is_allowed(["viewer"], ["lucy"]))
print(ac.is_allowed(["manager"], ["lucy"]))
print(ac.is_allowed(["viewer", "manager"], ["rick"]))

Notes:

  • add individual settings using KBAC.add()
  • test if lucy is a viewer
  • test if lucy is a manager
  • test if rick is a viewer or manager

By service:

import kbac

acdict = {
    "list": "dudley, al, jeffrey",
    "create": "dudley, jill",
    "delete": "dudley",
}

ac = kbac.KBAC()
ac.load(acdict.items())

principals = ["dudley"]
print "principals (%s)" % (principals,)
for key in acdict:
    print("key (%s) allowed (%s)" % (key, ac.is_allowed([key], principals)))

Notes:

  • load KBAC object from dictionary
  • test which keys/services dudley is allowed

Display settings:

import kbac

acdict = {
    "list": "dudley, al",
    "create": "dudley, brittany",
    "delete": "dudley",
}

ac = kbac.KBAC()
ac.load(acdict.items())

for key in ac.keys():
    print("key (%s) principals (%s)\n" % (key, sorted(ac.principals(key))))

Notes:

  • extract settings using KBAC.keys() and KBAC.principals()


About

Requirements:

Python

License:

BSD-3

Repository:

https://bitbucket.org/johnmdev/kbac

Email:

expldotinfo@gmail.com

Activity

  • No labels