Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Roles and permissions system for Nodejs

ACL / Roles + Permissions

Virgen-ACL (virgen-acl)

  • "Simple in-memory ACL for node.js apps. Supports arbitrary roles and resources, including role/resource detection using a simple interface. Additionally supports custom assertions for more complex rules."
  • Comments: "Simple and elegant, create your own checks. No middleware?"

Node ACL (acl) BuildStatusDependency StatusdevDependency Status

Authorized! (authorized) Current Status

  • "Action based authorization middleware"
  • Comments: "Similar to connect roles... but a bit more robust? you can create roles and action, and associate many roles with that action"

Ability-js (ability)

  • "...route-based ACL component for express.js"
  • Comments: "Like canCan for rails. This is a traditional controller / function type permission system. May be too abstract."

NodeJS Roles (roles)  Travis CI

node-relations build status

Connect Roles (connect-roles) Build StatusDependency StatusNPM version

SimplePermissions (simplepermissions)

  • "Permissions by Subject, Role, and Context. It uses an in-memory model."
  • Comments: "Maybe too simple? Makes sense for assigning roles but then its hard to check against roles!"

entitlement Build Status

CanCan (cancan) Build Status

MustBe (mustbe)




accesscontrol build-status dependencies maintained documentation

CASL (casl) CASL Build StatusCASL codecov

Mongoose Field Access Control


  • "...adds an accessibleBy field to a mongoose schema to be able to determine access rights for models belonging to this schema."
  • Comments: "Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases... but worth considering as a simple way to control access to fields."

mongoose-rbac Build Status


angular-permission Travis



AngularJS -- Quick Role-Based Authentication (by @artgon)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment