Authorization Models
KeyNetra supports multiple authorization models that can be composed in a single decision flow.
RBAC
Role-Based Access Control is implemented through users, roles, permissions, and role-permission bindings.
Related implementation:
keynetra/domain/models/rbac.pykeynetra/api/routes/roles.pykeynetra/api/routes/permissions.py
ACL
Access Control Lists provide resource-scoped, subject-specific allow/deny entries.
Related implementation:
keynetra/domain/models/acl.pykeynetra/api/routes/acl.py
ReBAC
Relationship-Based Access Control uses relationship edges between subjects and objects.
Related implementation:
keynetra/domain/models/relationship.pykeynetra/api/routes/relationships.py
Policy Graph Evaluation
Policy rules are compiled and evaluated as part of the deterministic engine pipeline.
Related implementation:
keynetra/engine/compiled/decision_graph.pykeynetra/services/policies.py
Schema-Based Authorization Modeling
Authorization models can be defined as schema files and compiled into permission graphs.
Related implementation:
keynetra/modeling/schema_parser.pykeynetra/modeling/model_validator.pykeynetra/modeling/permission_compiler.py