A Python-based backend service for managing Role-Based Access Control (RBAC) between users and database items. This service provides fine-grained permission management for resource access control.
- Role-Based Access Control: Manage user roles and permissions
- PostgreSQL Integration: Connects to AWS RDS PostgreSQL instances
- RESTful API: Flask-based API for access management
- JWT Authentication: Secure token-based authentication
- Hierarchical Roles: Support for role inheritance
- Item-Level Permissions: Granular control over database items
- Audit Logging: Track all access control changes
```
┌─────────────┐      ┌──────────────┐      ┌─────────────┐
│   Client    │─────▶│   RBAC API   │─────▶│ PostgreSQL  │
└─────────────┘      └──────────────┘      │  RDS (AWS)  │
                            │              └─────────────┘
                            ▼
                     ┌──────────────┐
                     │ Redis Cache  │
                     └──────────────┘
```
- users: User accounts and authentication
- roles: Role definitions (admin, editor, viewer, etc.)
- permissions: Granular permissions (read, write, delete, etc.)
- role_permissions: Many-to-many relationship
- user_roles: User role assignments
- items: Protected resources in the database
- item_access: User/role access to specific items
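As an added example that is not part of this repository, the following in-memory model of the schema above shows how an access check resolves hierarchical roles and item-level grants. It assumes a single parent per role, that `role_permissions` grant a permission globally, and that `item_access` rows add per-item grants to a user or a role; the rows are constructed sample data.

```python
# Added example (not the project's own code): an in-memory model of the
# users / roles / permissions / role_permissions / user_roles / items /
# item_access tables. All rows below are constructed sample data.
from collections import deque

# role -> parent role; a child role inherits every permission of its ancestors
ROLE_PARENT = {"viewer": None, "editor": "viewer", "admin": "editor"}
ROLE_PERMISSIONS = {"viewer": {"read"}, "editor": {"write"}, "admin": {"delete"}}
USER_ROLES = {"alice": {"admin"}, "bob": {"viewer"}, "carol": set()}
# item_access: explicit per-item grants, keyed by item id
ITEM_ACCESS = {
    42: [("user", "bob", "write"), ("role", "viewer", "read")],
}


def effective_roles(user):
    """All roles of a user including inherited ancestors (cycle-safe walk)."""
    seen, queue = set(), deque(USER_ROLES.get(user, ()))
    while queue:
        role = queue.popleft()
        if role in seen or role not in ROLE_PARENT:
            continue  # already visited, or references an unknown role
        seen.add(role)
        if ROLE_PARENT[role]:
            queue.append(ROLE_PARENT[role])
    return seen


def has_access(user, item_id, permission):
    """Deny by default; allow only via a role permission or an explicit item grant."""
    roles = effective_roles(user)
    # 1. global permission through any effective role
    if any(permission in ROLE_PERMISSIONS.get(r, ()) for r in roles):
        return True
    # 2. per-item grant to the user directly or to one of the user's roles
    for kind, principal, perm in ITEM_ACCESS.get(item_id, []):
        if perm != permission:
            continue
        if kind == "user" and principal == user:
            return True
        if kind == "role" and principal in roles:
            return True
    return False
```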
- Python 3.9+
- PostgreSQL 13+ (AWS RDS)
- Redis (optional, for caching)
- Clone the repository

```bash
git clone <repository-url>
cd gg-demo
```

- Create virtual environment

```bash
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
```

- Install dependencies

```bash
pip install -r requirements.txt
```

- Configure environment variables

```bash
cp .env.example .env
# Edit .env with your database credentials
```

- Run database migrations

```bash
alembic upgrade head
```

- Start the service

```bash
python app.py
```

Set the following environment variables in `.env`:

- `DATABASE_URL`: PostgreSQL RDS connection string
- `JWT_SECRET_KEY`: Secret key for JWT tokens
- `REDIS_URL`: Redis connection string (optional)
- `AWS_REGION`: AWS region for RDS
- `LOG_LEVEL`: Logging level (DEBUG, INFO, WARNING, ERROR)
Authentication:

- `POST /api/auth/login` - User authentication
- `POST /api/auth/logout` - Logout user
- `POST /api/auth/refresh` - Refresh JWT token

Users:

- `GET /api/users` - List all users
- `POST /api/users` - Create new user
- `GET /api/users/{id}` - Get user details
- `PUT /api/users/{id}` - Update user
- `DELETE /api/users/{id}` - Delete user

Roles:

- `GET /api/roles` - List all roles
- `POST /api/roles` - Create new role
- `GET /api/roles/{id}` - Get role details
- `PUT /api/roles/{id}` - Update role
- `DELETE /api/roles/{id}` - Delete role

Permissions:

- `GET /api/permissions` - List all permissions
- `POST /api/users/{user_id}/roles/{role_id}` - Assign role to user
- `DELETE /api/users/{user_id}/roles/{role_id}` - Remove role from user

Items:

- `GET /api/items/{item_id}/access` - Check user access to item
- `POST /api/items/{item_id}/grant` - Grant access to item
- `DELETE /api/items/{item_id}/revoke` - Revoke access to item
- `GET /api/items/accessible` - List accessible items for current user
Run the test suite:

```bash
pytest tests/
```

With coverage:

```bash
pytest --cov=src tests/
```

Build and run with Docker:

```bash
docker-compose up -d
```

MIT License