PHPackages dotkernel/dot-rbac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. dotkernel/dot-rbac ActiveLibrary[Authentication & Authorization](/categories/authentication) dotkernel/dot-rbac ================== Dotkernel RBAC authorization component 4.2.1(6mo ago)421.9k↑183.3%22MITPHPPHP ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0CI passing Since Mar 9Pushed 6mo agoCompare [ Source](https://github.com/dotkernel/dot-rbac)[ Packagist](https://packagist.org/packages/dotkernel/dot-rbac)[ Docs](https://github.com/dotkernel/dot-rbac)[ RSS](/packages/dotkernel-dot-rbac/feed)WikiDiscussions 3.0 Synced 1mo ago READMEChangelog (10)Dependencies (8)Versions (30)Used By (2) dot-rbac ======== [](#dot-rbac) Rbac authorization model implements [dot-authorization](https://github.com/dotkernel/dot-authorization)'s `AuthorizationInterface`. An authorization service is responsible for deciding if the authenticated identity or guest has access to certain parts of the application. The RBAC model defines roles that can be assigned to users. The authorization is done on a role basis, not a user basis as in ACL. Each role can have one or multiple permissions/privileges assigned. When deciding if a user is authorized, the requested permission is checked in all user roles, and if at least one role has that permission, access is granted. Documentation ------------- [](#documentation) Documentation is available at: . Badges ------ [](#badges) [![OSS Lifecycle](https://camo.githubusercontent.com/ef1e4f6238f6e8af393b1e5d1aff04316ee261d18ec811753e4adc8be7deaffd/68747470733a2f2f696d672e736869656c64732e696f2f6f73736c6966656379636c652f646f746b65726e656c2f646f742d72626163)](https://camo.githubusercontent.com/ef1e4f6238f6e8af393b1e5d1aff04316ee261d18ec811753e4adc8be7deaffd/68747470733a2f2f696d672e736869656c64732e696f2f6f73736c6966656379636c652f646f746b65726e656c2f646f742d72626163)[![PHP from Packagist (specify version)](https://camo.githubusercontent.com/0d18564a41f4eb53d51e529b2264057f6c62b61f358b83beaa546e3bebe32a6b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f646f746b65726e656c2f646f742d726261632f332e382e30)](https://camo.githubusercontent.com/0d18564a41f4eb53d51e529b2264057f6c62b61f358b83beaa546e3bebe32a6b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f646f746b65726e656c2f646f742d726261632f332e382e30) [![GitHub issues](https://camo.githubusercontent.com/bf572960862a07f264dbb13a4f7ab3f59a083f8302583192afd2b02f4b18ef90/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f646f746b65726e656c2f646f742d72626163)](https://github.com/dotkernel/dot-rbac/issues)[![GitHub forks](https://camo.githubusercontent.com/a262c32b92ca45641617fbb068660556b742de55142222d255b075b164a51aa0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f646f746b65726e656c2f646f742d72626163)](https://github.com/dotkernel/dot-rbac/network)[![GitHub stars](https://camo.githubusercontent.com/f45f921cce302638c04cc89913c4c45d9bce240bc6be6dcc74bf25170377c15a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f646f746b65726e656c2f646f742d72626163)](https://github.com/dotkernel/dot-rbac/stargazers)[![GitHub license](https://camo.githubusercontent.com/32e863ab7bf003b2edbd847ef9353daaf5487eff2045cd7d804135d1790eba56/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f646f746b65726e656c2f646f742d72626163)](https://github.com/dotkernel/dot-rbac/blob/3.0/LICENSE.md) [![Build Static](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml)[![codecov](https://camo.githubusercontent.com/b5fad382ce640047f03f94fd0a20f25de1089aa0d4de1c6c1bae8cfd13fa0da7/68747470733a2f2f636f6465636f762e696f2f67682f646f746b65726e656c2f646f742d726261632f67726170682f62616467652e7376673f746f6b656e3d47434b364339324e3833)](https://codecov.io/gh/dotkernel/dot-rbac)[![PHPStan](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml) Installation ------------ [](#installation) Run the following command in your project root directory: ``` $ composer require dotkernel/dot-rbac ``` Configuration ------------- [](#configuration) Even if the authorization service can be programmatically configured, we recommend using the configuration-based approach. We further describe how to configure the module, using a configuration file. First, you should enable the module in your application by merging this package's `ConfigProvider` with your application's config. This ensures that all dependencies required by this module are registered in the service manager. It also defines default config values for this module. Create a configuration file in your `config/autoload` folder and change the module options as needed. ### authorization.global.php [](#authorizationglobalphp) ``` 'dot_authorization' => [ //name of the guest role to use if no identity is provided 'guest_role' => 'guest', 'role_provider_manager' => [], //example for a flat RBAC model using the InMemoryRoleProvider 'role_provider' => [ 'type' => 'InMemory', 'options' => [ 'roles' => [ 'admin' => [ 'permissions' => [ 'edit', 'delete', //etc.. ] ], 'user' => [ 'permissions' => [ //... ] ] ] ], ], //example for a hierarchical model, less to write, but it can be confusing sometimes /*'role_provider' => [ 'type' => 'InMemory', 'options' => [ 'roles' => [ 'admin' => [ 'children' => ['user'], 'permissions' => ['create', 'delete'] ], 'user' => [ 'children' => ['guest'] 'permissions' => ['edit'] ] 'guest' => [ 'permissions' => ['view'] ] ] ] ],*/ 'assertion_manager' => [ 'factories' => [ //EditAssertion::class => InvokableFactory::class, ], ], 'assertions' => [ [ 'type' => EditAssertion::class, 'permissions' => ['edit'], 'options' => [] ] ] ] ``` Usage ----- [](#usage) Whenever you need to check if someone is authorized to take some actions, inject the `AuthorizationInterface::class` service into your class, then call the `isGranted` method with the correct parameters. There are two ways to call the isGranted method. ### First Method [](#first-method) Specify which roles you want to check. ``` $isGranted = $this->authorizationService->isGranted($permission, $roles); ``` ### Second Method [](#second-method) Do not specify the roles or send an empty array as the second parameter. This will check if the authenticated identity has permission. ``` $isGranted = $this->authorizationService->isGranted($permission); ``` Customize the IdentityProvider ------------------------------ [](#customize-the-identityprovider) Whenever you request an authorization check on the authenticated identity, the identity will be provided to the `AuthorizationService` through a registered `IdentityProviderInterface` service. This is because identity is authentication-dependent, so the module lets you overwrite this service, depending on your needs. If you want to get the identity from other sources instead of the dot-authentication service, overwrite the `IdentityProviderInterface::class` service in the service manager with your own implementation of this interface. Custom role providers --------------------- [](#custom-role-providers) Write your own role provider by implementing the `RoleProviderInterface` and register it in the `RoleProviderPluginManager`. After that, you can use them in the configuration file, as described above. Creating assertions ------------------- [](#creating-assertions) Assertions are checked after permission is granted, right before returning the authorization result. Assertions can have the last word in deciding if someone is authorized for the requested action. A good assertion example could be an edit permission, but with the restriction that it should be able to edit the item just if the `user id` matches the item's `owner id`. It is up to you to write the logic inside an assertion. An assertion has to implement the `AssertionInterface` and be registered in the `AssertionPluginManager`. This interface defines the following method: ``` public function assert(AuthorizationInterface $authorization, $context = null); ``` The context variable can be any external data that an assertion needs to decide the authorization status. The assertion must return a boolean value, reflecting the assertion pass or failure status. ### Health Score 56 — FairBetter than 98% of packages Maintenance66 Regular maintenance activity Popularity32 Limited adoption so far Community19 Small or concentrated contributor base Maturity91 Battle-tested with a long release history Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~112 days Recently: every ~0 days Total 29 Last Release 200d ago Major Versions 2.9.1 → 3.5.12023-08-24 2.9.2 → 3.6.02024-05-03 3.6.0 → 4.0.02025-01-23 3.7.0 → 4.1.02025-03-14 3.8.0 → 4.2.12025-10-31 PHP version history (9 changes)0.1.0PHP ^7.1 v2.0.0PHP ^7.2 3.0PHP ^7.4 3.3.0PHP ~7.4.0 || ~8.0.0 || ~8.1.0 2.9.0PHP ~8.0.0 || ~8.1.0 || ~8.2.0 3.5.0PHP ~8.1.0 || ~8.2.0 3.5.2PHP ~8.1.0 || ~8.2.0 || ~8.3.0 4.0.0PHP ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0 4.2.0PHP ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1156873?v=4)[Dotkernel](/maintainers/dotkernel)[@dotkernel](https://github.com/dotkernel) --- Top Contributors [![n3vrax](https://avatars.githubusercontent.com/u/5805542?v=4)](https://github.com/n3vrax "n3vrax (19 commits)")[![alexmerlin](https://avatars.githubusercontent.com/u/4542449?v=4)](https://github.com/alexmerlin "alexmerlin (9 commits)")[![SergiuBota1](https://avatars.githubusercontent.com/u/50962867?v=4)](https://github.com/SergiuBota1 "SergiuBota1 (9 commits)")[![arhimede](https://avatars.githubusercontent.com/u/22009710?v=4)](https://github.com/arhimede "arhimede (6 commits)")[![Howriq](https://avatars.githubusercontent.com/u/63609103?v=4)](https://github.com/Howriq "Howriq (4 commits)")[![Calin23](https://avatars.githubusercontent.com/u/51288903?v=4)](https://github.com/Calin23 "Calin23 (3 commits)")[![bidi47](https://avatars.githubusercontent.com/u/27284979?v=4)](https://github.com/bidi47 "bidi47 (3 commits)")[![gabidj](https://avatars.githubusercontent.com/u/3998573?v=4)](https://github.com/gabidj "gabidj (2 commits)") --- Tags laminasauthorizationrbac ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/dotkernel-dot-rbac/health.svg) ``` [![Health](https://phpackages.com/badges/dotkernel-dot-rbac/health.svg)](https://phpackages.com/packages/dotkernel-dot-rbac) ``` ### Alternatives [santigarcor/laratrust This package provides a flexible way to add Role-based Permissions to Laravel 2.3k5.4M43](/packages/santigarcor-laratrust)[casbin/casbin a powerful and efficient open-source access control library for php projects. 1.3k1.4M54](/packages/casbin-casbin)[laminas/laminas-permissions-rbac Provides a role-based access control management 353.4M29](/packages/laminas-laminas-permissions-rbac)[casbin/laravel-authz An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. 324339.9k4](/packages/casbin-laravel-authz)[saeven/zf3-circlical-user Complete user entity, rights, and access module for Laminas 3718.7k](/packages/saeven-zf3-circlical-user)[kokspflanze/bjy-authorize Laminas\\Acl based firewall system for Laminas dispatch protection 20178.2k4](/packages/kokspflanze-bjy-authorize) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)