Production RBAC (Role-Based Access Control) engine with SQLite persistence and full audit logging.
- 🔐 RBAC Engine – Roles, permissions, wildcard `*` resources/actions
- 📦 Role Inheritance – Hierarchical roles with permission resolution
- 🕐 Expiring Assignments – Time-limited role grants
- 📝 Audit Log – Every access decision logged with subject/resource/action/result
- 💾 SQLite Persistence – Zero-dependency storage

| Role | Permissions |
|---|---|
| admin | `*:*` (all resources, all actions) |
| viewer | `*:read` |
| editor | `*:read`, `*:write` |
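
The resolution the feature list describes (wildcard matching, inheritance through a parent role, expiring assignments, one audit entry per decision), as an added example that is not the project's code. The in-memory `ROLES` and `ASSIGNMENTS` structures, the function names, and `editor`/`deployer` inheriting from `viewer` are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not the project's schema): role -> (parent, own grants)
ROLES = {
    "viewer": (None, {("*", "read")}),
    "editor": ("viewer", {("*", "write")}),        # assumed parent: viewer
    "deployer": ("viewer", {("deployment", "execute")}),
    "admin": (None, {("*", "*")}),
}

def role_permissions(role, roles=ROLES):
    """Collect grants from a role and its ancestors; stop on cycles or unknown roles."""
    grants, seen = set(), set()
    while role in roles and role not in seen:
        seen.add(role)
        parent, own = roles[role]
        grants |= own
        role = parent
    return grants

def effective(subject, assignments, now, roles=ROLES):
    """Union of grants from the subject's unexpired role assignments."""
    grants = set()
    for subj, role, expires_at in assignments:
        if subj == subject and (expires_at is None or now < expires_at):
            grants |= role_permissions(role, roles)
    return grants

def check(subject, resource, action, assignments, now, audit, roles=ROLES):
    """Deny by default; '*' matches any resource or action; log every decision."""
    allowed = any(
        r in ("*", resource) and a in ("*", action)
        for r, a in effective(subject, assignments, now, roles)
    )
    result = "allow" if allowed else "deny"
    audit.append((now.isoformat(), subject, resource, action, result))
    return allowed

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
ASSIGNMENTS = [  # (subject, role, expires_at); None means no expiry
    ("alice", "editor", None),
    ("bob", "deployer", NOW + timedelta(hours=1)),
]
```

An expired assignment contributes nothing, so a subject whose only grant has lapsed falls back to the default deny, and the denial is still written to the audit list.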

```bash
# Check permission
python src/access_control.py check alice documents read
# Assign role
python src/access_control.py assign-role alice editor
# Create custom role
python src/access_control.py add-role deployer --description "Deploy access"
# Add permission to role
python src/access_control.py add-permission deployer deployment execute
# Effective permissions
python src/access_control.py effective alice
# Audit log
python src/access_control.py audit --subject alice
```

- `roles` – role definitions with optional parent
- `permissions` – resource:action grants per role
- `assignments` – subject → role mappings (with expiry)
- `audit_log` – timestamped access decisions

```bash
pytest tests/ -v --cov=src
```

Proprietary – BlackRoad OS, Inc. All rights reserved.