Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Roles and permissions system for Nodejs

ACL / Roles + Permissions Simple and elegant, create your own checks. No middleware? Use as middleware, create your own roles and access. Great choice. Similar to connect roles... but a bit more robust? you can create roles and action, and associate many roles with that action Like canCan for rails. This is a traditional controller / function type permission system. May be too abstract. More traditional setRole() hasRole() based checking. Last activity 2 years ago. Natural language style roles. Looks very promising and is in active development Simple and closer to action / natural language based. Requires writing your own checks for each. Maybe too simple? Makes sense for assigning roles but then its hard to check against roles! Not ideal but here for reference sake.

Mongoose Field Access Control Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases... but worth considering as a simple way to control access to fields.

kharhys commented Sep 13, 2015

Hi, Great compilation.
You might want to correct a typo on the gist's name (

Thanks for a compiled list of somethings out there.

emerak commented Feb 18, 2016

Awesome! 🤘

Thanks for the collection!

Thanks a lot !!!

Thanks man, very usefull... \o

chichivica commented Feb 16, 2017

current popularity rank (based on dowloads count)

  1. acl
  2. connect-roles
  3. authorized
  4. virgen-acl
  5. permission
  6. ability
  7. simplepermissions
  8. entitlement

onury commented May 10, 2017

Here is my approach

var permission = ac.can(role).createOwn(resource);
if (permission.granted) {
    // do stuff...
} else {

kabala commented Jul 25, 2017

Thx so much!

AGhost-7 commented Dec 27, 2017

Shameless plug! :

Above is an attribute-based access control library. It is designed to be as flexible as possible by using conditions instead of roles. One can implement RBAC or whatever they want using conditions. Module also supports field-level access control that isn't supported by most of the modules listed here.

If you wish to enhance the list, we wrote this with my team:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment