Open Source Linux RBAC Tools
Sort By:
RBAC Tools for Linux
View 5 business solutionsBrowse free open source RBAC tools and projects for Linux below. Use the toggles on the left to filter open source RBAC tools by OS, license, language, programming language, and project status.
-
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
RELIANOID
Network Load Balancer and Application Security
RELIANOID is an open core (Debian GNU/Linux based) Application Delivery Controller (ADC) with advanced load balancing features such as Network Load Balancer, Application Load Balancer with SSL offloading, Advance Network Configuration including Virtual Interfaces, VLANs, Bonding with link aggregation, IPv4/IPv6, advanced routing, stateless cluster, web GUI, JSON API and much more! Enterprise Edition Load Balancer is available with extra features such as global service load balancing (gslb), application security including web application firewall (WAF), blacklists, Realtime Blackhole Lists (DNSBL), DDoS protection, stateful clustering, SNMP monitoring, email and SNMP notifications, RBAC, VPN support, and the best Support directly from an expert Team. -
2
Permify
Permify is an open-source authorization service
Permify is an open source authorization service for creating fine-grained and scalable authorization systems. With Permify, you can easily structure your authorization model, store authorization data in your preferred database, and interact with the Permify API to handle all authorization queries from your applications or services. Permify is inspired by Google’s consistent, global authorization system, Google Zanzibar. Our goal is to make Google's Zanzibar available to everyone and help them to build robust, flexible, and easily auditable authorization system that establishes a natural linkage between permissions across the business units, functions, and entities of an organization. -
3
AKHQ
Kafka GUI for Apache Kafka to manage topics, topics data, etc.
Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more. Enabling your teams to search and explore data in a unified console, while supporting its administration and integration within your ecosystem. Multi-Cluster vision into a central console, available in Multi-Cloud environments. Enabling users to access, search and get insights from your topics, including Live Tail. Allowing to manage your topics, consumer groups, cluster configurations, users and ACLs. Compatibility with LDAP, RBAC, Schema Registry, Kafka Connect and more. -
4
K9s
Kubernetes CLI To Manage Your Clusters In Style!
K9s is a terminal based UI to interact with your Kubernetes clusters. The aim of this project is to make it easier to navigate, observe and manage your deployed applications in the wild. K9s continually watches Kubernetes for changes and offers subsequent commands to interact with your observed resources. Provides standard cluster management commands such as logs, scaling, port-forwards, restarts. Define your own command shortcuts for quick navigation via command aliases and hotkeys. Plugin support to extend K9s to create your very own cluster commands. Powerful filtering mode to allow user to drill down and view workload related resources. Supports for viewing RBAC rules such as cluster/roles and their associated bindings. Reverse lookup to asserts what a user/group or ServiceAccount can do on your clusters. You can benchmark your HTTP services/pods directly from K9s to see how your application fare and adjust your resources request/limit accordingly. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
Kubernetes Dashboard
General-purpose web UI for Kubernetes clusters
Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself. To access Dashboard from your local workstation you must create a secure channel to your Kubernetes cluster. Kubeconfig Authentication method does not support external identity providers or certificate-based authentication. Metrics-Server has to be running in the cluster for the metrics and graphs to be available. Make sure that you know what you are doing before proceeding. Granting admin privileges to Dashboard's Service Account might be a security risk. In most cases after provisioning cluster using kops, kubeadm or any other popular tool, the ClusterRole cluster-admin already exists in the cluster. We can use it and create only ClusterRoleBinding for our ServiceAccount. If it does not exist then you need to create this role first and grant required privileges manually. -
6
Casdoor
An open-source Identity and Access Management (IAM)
A UI-first Identity Access Management (IAM) / Single-Sign-On (SSO) platform supporting OAuth 2.0, OIDC, SAML and CAS, integrated with Casbin RBAC and ABAC permission management. Within a few steps, we can setup a Casdoor app and realize our authorization management. Casdoor has a front-end back-end separation architecture, with maneuverable web UI and supporting high concurrency. Casdoor is supporting multi-languages, using i18n to support multi-languages UI. For more languages support, welcome to propose in our community. Casdoor SDK provides many functions, such as identity authentication, user management, resource upload, etc. Access to Casdoor is very convenient, please visit How to Connect to Casdoor for details. Casdoor also support sign up directly. By filling your Username, Display name, Password and Email, after your receive your Email code, you can sign up in Casdoor. -
7
Portainer.io
Making Docker and Kubernetes management easy
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. It is designed to be as simple to deploy as it is to use. The application allows you to manage all your orchestrator resources (containers, images, volumes, networks and more) through a ‘smart’ GUI and/or an extensive API. Portainer consists of a single container that can run on any cluster. It can be deployed as a Linux container or a Windows native container. Portainer Business Edition builds on the open-source base and includes a range of advanced features and functions (like RBAC and Support) that are specific to the needs of business users. Portainer CE is an open source project and is supported by the community. You can buy a supported version of Portainer at portainer.io. -
8
CASL
CASL is an isomorphic authorization JavaScript library
CASL is an isomorphic authorization JavaScript library that restricts what resources a given user is allowed to access. It's designed to be incrementally adoptable and can easily scale between a simple claim-based and fully featured subject and attribute-based authorization. It makes it easy to manage and share permissions across UI components, API services, and database queries. -
9
Openblocks
The Open Source Retool Alternative
It's cumbersome to create a single app. You had to design user interfaces, write code in multiple languages and frameworks, and understand how all of that code works together. Low-code/No-code platforms are fast to get started with but quickly become unmaintainable and inflexible. This creates more problems than it solves. Retool-like solutions are great for their simplicity and flexibility, but they can also be limited in different ways compared to frameworks like React/Vue. An all-in-one IDE to create internal or customer-facing apps. A place to create, build and share building blocks of web applications. A domain-specific language that UI-configurable block is the first-class citizen. Openblocks is open-source. You don't need to worry about vendor lock-in or being stuck with an outdated version of the software. -
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
10
Headlamp
A Kubernetes web UI that is fully-featured, user-friendly
Out of the box, Headlamp is a fully functional Kubernetes UI. By leveraging its powerful plugin system, builders can shape Headlamp to fit their bespoke use cases, products, and environments. Headlamp adapts not only to a user's cluster configuration (multiple or single clusters, permissions-based UI, etc.), but its powerful plugin system allows builders to customize the experience with new functionality that fits their products. Headlamp’s plugin system makes it possible to create custom experiences with minimal effort; add/extend views, customize branding, etc. Headlamp adapts to a user’s cluster permissions. It checks RBAC and displays actions like delete or edit only if the user has permission to do so. Keeping with Headlamp’s goal of supporting a fully customizable experience, it can be run as a web app, desktop app, or both. -
11
Typhoon
Minimal and free Kubernetes distribution with Terraform
Typhoon is a minimal and free Kubernetes distribution. Minimal, stable base Kubernetes distribution. Declarative infrastructure and configuration. Free (freedom and cost) and privacy-respecting. Practical for labs, datacenters, and clouds. Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components. Typhoon provides a Terraform Module for each supported operating system and platform. Define a Kubernetes cluster by using the Terraform module for your chosen platform and operating system. Initialize modules, plan the changes to be made, and apply the changes. Typhoon is strict about minimalism, maturity, and scope. Typhoon powers the author's cloud and colocation clusters. The project has evolved through operational experience and Kubernetes changes. Typhoon is shared under a free license to allow others to use the work freely and contribute to its upkeep. -
12
audit2rbac
Autogenerate RBAC policies based on Kubernetes audit logs
audit2rbac takes a Kubernetes audit log and username as input, and generates RBAC role and binding objects that cover all the API requests made by that user. -
13
Stock Inventory Management
PHP Stock Inventory Management System - POS
A web-based application which will manage stock inventory so easily: Dashboard, Stock Management, Purchasing, Sales, Suppliers, Customers, Outstandings, and Payments. Nice look and feel interface. It supports to be displayed in mobile-device. This web application is actually generated by PHPMaker without touch any code in the generated script files. All the customization are done from inside of PHPMaker Project. Thus, all the changes are saved in the project side, so that you will be able to maintain the project and upgrade it in future easily and quickly. This related PHPMaker Project file (including all the Extensions that used by this project) can be downloaded from http://www.ilovephpmaker.com. The latest version supports PHPMaker 2019. Technical support will be provided only for those of you who have subscribed to the site. Demo? Please visit: http://phpstock.ilovephpmaker.com/ For login, please use: - Username: admin - Password: master -
14
Kubeapps
A web-based UI for deploying and managing applications in Kubernetes
Kubeapps is an in-cluster web-based application that enables users with a one-time installation to deploy, manage, and upgrade applications on a Kubernetes cluster. Deploy and Manage your Favorite Kubernetes Packages. Browse and deploy packages from public and private registries. Perform day-two operations such as upgrades or rollbacks seamlessly. Create and manage different catalogs isolating them in different namespaces and clusters just using a single Kubeapps instance. Leverage RBAC and OAuth2/OIDC to authenticate and authorize users in Kubeapps. -
15
A high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is designed to make it easy for developers to model their application permissions and add and integrate fine-grained authorization into their applications. It allows in-memory data storage for quick development, as well as pluggable database modules. It currently supports PostgreSQL 14, MySQL 8, and SQLite (currently in beta). It offers an HTTP API and a gRPC API. It has SDKs for Java, Node.js/JavaScript, GoLang, Python, and .NET. Look in our Community section for third-party SDKs and tools. It can also be used as a library. OpenFGA takes the best ideas from Google's Zanzibar paper for Relationship-Based Access Control, and also solves problems for Role-based Access Control and Attribute-Based Access Control use cases. The modeling language is powerful enough for engineers, but friendly enough for other stakeholders on your team as well.
-
16
jCasbin
An authorization library that supports access control models
An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. Besides memory and file, Casbin policy can be stored into lots of places. Currently, dozens of databases are supported, from MySQL, Postgres, Oracle to MongoDB, Redis, Cassandra, AWS S3. jCasbin is a powerful and efficient open-source access control library for Java projects. It provides support for enforcing authorization based on various access control models. -
17
kcp Kubernetes
Kubernetes-like control planes for form-factors
kcp can be a building block for SaaS service providers who need a massively multi-tenant platform to offer services to a large number of fully isolated tenants using Kubernetes-native APIs. The goal is to be useful to cloud providers as well as enterprise IT departments offering APIs within their company. kcp takes full advantage of Kubernetes API conventions, the glue that binds the cloud-native technology ecosystem together and imbues Kubernetes popular end-user experience, but kcp has unbound it from Kubernetes workload orchestration and clusters. kcp implements fully-isolated workspaces, each acting as its own Kubernetes-like cluster, with its own URL, its own set of APIs (e.g. different CRDs), its own RBAC, but as cheap and quick as a namespace. -
18
Amplication
Amplication is an open‑source development tool
Amplication is an open‑source development tool. It helps you develop quality Node.js applications without spending time on repetitive coding tasks. Easily create data models and configure role‑based access control with a simple and intuitive UI or CLI. Continuously push the generated application to your GitHub repository. Get a Docker container with your database, a Node.js application, and a React client. Generated apps include NestJS, Prisma, REST & GraphQL API, a React admin UI, logging, authentication, and authorization. Safely customize your generated app Node.js code using your favorite IDE. Decide whether to download the app within a Docker container that’s ready for deployment or to deploy to the Amplication cloud. At any point you’re free to download the source code and continue development elsewhere. We are a group of creators who love open‑source and low‑code. We believe that low‑code application development will evolve into a modern‑day programming language. -
19
Casbin
An authorization library that supports access control models
An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. Besides memory and file, Casbin policy can be stored into lots of places. Currently, dozens of databases are supported, from MySQL, Postgres, Oracle to MongoDB, Redis, Cassandra, AWS S3. Check the full supported list at: adapters. Casbin is implemented in Golang, Java, PHP and Node.js. All implementations share the same API and behaviors. You can learn Casbin once and use it everywhere. In Casbin, the policy storage is implemented as an adapter(aka middleware for Casbin). -
20
SEWOL: Security-oriented Workflow Lib
Java Library for workflow handling
SEWOL provides support for the handling of workflow traces. It allows to specify the shape and content of process traces in terms of entries representing the execution of a specific workflow activity. Currently it supports plain text, Petrify, MXML and XES log file types. In order to specify security-related context information, SEWOL provides access control models such as access control lists (ACL) and role-based access control models (RBAC). SEWOL uses and encloses the following libraries: - TOVAL (http://sourceforge.net/p/toval), - JAGAL (http://sourceforge.net/p/jagal), - OpenXES (http://www.xes-standard.org/openxes/), - Spex (http://code.deckfour.org/Spex/) - Google Guava (https://github.com/google/guava), - xstream (http://xstream.codehaus.org/) and - graph-impl and visualization components of Jung 2 (http://jung.sourceforge.net/). Documentation: http://doku.telematik.uni-freiburg.de/sewol -
21
WendzelNNTPd
A free Usenet server with SQL backend and RBAC.
The WendzelNNTPd is a IPv6-ready NNTP usenet-server with the main goal to be as easy to use as possible. It is portable (Linux/*BSD/*nix), supports AUTHINFO authentication, contains ACL as well as role based ACL and supports invisible newsgroups. It currently supports MySQL and SQLite backends. -
22
phprbac
PHP Role Based Access Control library
RBAC (role based access control) is the de-facto standard in authorization and access control, because its much easier to maintain and use than traditional ACLs. Unfortunately due to its complicated internals, not many implementations are available. PHP RBAC is compatible with NIST Level 2 RBAC standard and provides even more, with best performance yet available for any authorization library, and its for PHP. Note: Development and support has been moved to Github (https://github.com/OWASP/rbac). New releases will continue to be released here on SF. -
23
Aigebi Rbac a token driven role-based access control engine. It's pure java product. The core rbac engine is deployed as jar. It provides both java API and custom jsp tags. Admin portal is provided to manage rbac data and showcase how to use rbac engine
-
24
Resource-Function-Branch-Role Based Access Control A base model for rfb-rbac in java. It will be supported with web filter, persistence and so on. Enviroment: Eclipse 3.5, JDK 1.5
-
25
Apiato
PHP Framework for building scalable API's on top of Laravel
The open-source flawless framework for building scalable and testable API-Centric Apps with PHP and Laravel. Authentication with OAuth2.0 for first/third-party clients (using Laravel Passport). Role-Based Access Control (RBAC), seeded with a Super Admin, Roles, and Permissions. Query Parameters support (orderBy, sorted, and filter) with full-text search. Useful Endpoints for managing users, roles/permissions, tokens, and more. API Documentations generator, to generate API docs from PHP Docblock using ApiDocJS (provided by Documentation Container). Supports CORS (Cross-Origin Resource Sharing) and JSONP (JSON with padding). Auto encoding/decoding of real IDs, to prevent exposing real ids to the outer world. API Throttling (rate-limiting to control the rate of traffic received and protect your server). Support Data Caching (with auto clearing on Create, Update, and Delete). API versioning in the URL or Header (versioning based on the route file name).
