Access Control

Verified

Designs and validates RBAC (Role-Based) and ABAC (Attribute-Based) access control policies, generates policy code, and audits existing authorization logic.

By AuthZ Skills 1,820 v1.3.0 Updated 2026-03-10

Install

Claude Code

Copy the SKILL.md file to your project's .claude/skills/ directory.

About This Skill

Access Control is a skill for designing, implementing, and auditing authorization systems. It supports both Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) patterns, generating policy code for frameworks like OPA, Casbin, and native middleware in Express, Django, and Spring Boot.

How It Works

  1. Requirements analysis — Maps your user types, resources, and operations into a permission matrix
  2. Pattern selection — Recommends RBAC, ABAC, or hybrid based on complexity and granularity needs
  3. Policy generation — Produces authorization code, middleware, or policy files (OPA Rego, Casbin model/policy)
  4. Audit analysis — Reviews existing authorization logic for missing checks, bypass paths, and IDOR vulnerabilities
  5. Test generation — Creates test cases covering permission boundaries and edge cases

Best For

  • Multi-tenant SaaS applications with complex role hierarchies
  • API authorization design for microservices
  • Migrating from ad-hoc permission checks to structured RBAC/ABAC
  • Auditing existing code for broken access control (OWASP A01)

Supported Frameworks

Generates policies for OPA/Rego, Casbin, AWS IAM, PostgreSQL RLS, Supabase RLS, Express middleware, Django permissions, and Spring Security.

Use Cases

  • Design RBAC role hierarchy for multi-tenant SaaS applications
  • Generate OPA (Open Policy Agent) Rego policies from requirements
  • Audit existing authorization middleware for privilege escalation paths
  • Create row-level security policies for database access

Pros & Cons

Pros

  • Supports both RBAC and ABAC with hybrid patterns
  • Generates test cases for permission boundary verification
  • Multi-framework support from OPA to database RLS

Cons

  • Complex ABAC policies may need manual fine-tuning
  • Cannot validate policies against live user directories
