Abbreviated Language For Authorization (ALFA)

What is ALFA?

The Abbreviated Language for Authorization (ALFA) is a language used to express fine-grained, attribute-based access control policies. It’s based on XACML, the OASIS standard for externalized authorization, and provides developers with a simple and easy-to-use syntax.


 * Managers can view records
policy managersViewRecords{
    target clause user.role == "manager" and object.objectType == "document"
    apply firstApplicable
     * R1 - A manager can view a record they own in draft mode
    rule managersCanView{
        target clause action.actionId == "view" and document.status == "draft"
        condition user.username == document.owner

Get Started