Skip to main content

SQLite Adapter for Casbin: Local Policy Storage Guide

· 5 min read
Serhii Hrekov
Serhii Hrekov
software engineer, creator, artist, programmer, projects founder

Using SQLite as the database adapter for Casbin policy storage is the ideal solution for local development, unit testing, and small-scale applications due to its lightweight, file-based nature.

In the Python Casbin ecosystem, this is achieved using the casbin-sqlalchemy-adapter, as SQLAlchemy natively supports SQLite without needing separate driver installations [2].

1. Installation and Dependencies​

To set up Casbin with SQLite, you only need the core Casbin library and the Casbin SQLAlchemy Adapter:

# Install the core Casbin library
pip install pycasbin

# Install the SQLAlchemy Adapter (handles SQLite, PostgreSQL, MySQL, etc.)
pip install casbin-sqlalchemy-adapter

2. Setting Up the Casbin Enforcer with SQLite​

The setup requires defining the SQLAlchemy connection string that points to your SQLite file. If the file doesn't exist, SQLite and the adapter will automatically create it.

Python Code Example​

import casbin
from casbin_sqlalchemy_adapter import Adapter as SQLAlchemyAdapter

# 1. Define the connection string for the SQLite database file.
# The 'sqlite:///' prefix indicates a file path (three slashes).
# 'policy.db' will be created in the current directory if it doesn't exist.
SQLITE_URL = 'sqlite:///policy.db'

# 2. Instantiate the Adapter
# This links Casbin's policy management to the SQLite file.
adapter = SQLAlchemyAdapter(SQLITE_URL)

# 3. Instantiate the Casbin Enforcer
# 'model.conf' defines the rules (e.g., RBAC, ABAC).
# The adapter is passed here, which triggers the LoadPolicy() operation.
e = casbin.Enforcer('model.conf', adapter)

# The Enforcer is now ready to perform checks against the policy stored in 'policy.db'.

# Example Enforcement
sub = "alice"
obj = "/users/101"
act = "edit"

if e.enforce(sub, obj, act):
    print(f"{sub} is permitted to {act} {obj}.")
else:
    print(f"{sub} is denied access to {obj}.")

Annotation: The SQLAlchemyAdapter translates Casbin policy rules (like p, alice, data1, read) into rows in a table named casbin_rule within the policy.db file [1].

3. Policy Management​

When using the Casbin management API, the adapter ensures changes are immediately saved to the SQLite file, providing persistence across application restarts.

Adding and Removing Policies​

# Adding a new policy rule
e.add_policy("bob", "/data/audit", "view")

# Adding a grouping rule (e.g., assigning a role)
e.add_grouping_policy("bob", "auditor")

# Removing a policy rule
e.remove_policy("alice", "/users/101", "edit")

Every successful call to the Casbin policy management API (e.g., add_policy, remove_grouping_policy) automatically calls the adapter's methods to update the SQLite database file.

Key Considerations for SQLite​

  • No Watcher Needed: In a typical local development scenario, where only one instance of the Flask app is running, a Watcher (used for synchronizing policy changes across multiple services) is not necessary.
  • Performance: SQLite is extremely fast for local, single-user access, making it highly efficient for unit and integration tests.
  • Portability: The use of the SQLAlchemy Adapter means you can switch the policy storage to PostgreSQL or MySQL for staging/production simply by changing the connection string (SQLITE_URL) and installing the corresponding driver, without altering your core Casbin or Flask application code.

Sources​

  1. GitHub - pycasbin/sqlalchemy-adapter
  2. Casbin Documentation - Adapters

More on Python

Integrate Firestore as the policy storage for Casbin with Python/Flask stack
Integrate Firestore as the policy storage for Casbin with Python/Flask stack

The fundamental way to integrate **Firestore** as the policy storage for Casbin is by using a dedicated **Adapter**. In Casbin, an adapter serves as the persistent layer, handling the `LoadPolicy()` and `SavePolicy()` operations between the in-memory enforcer and the database.

Building a URL Redirector in Python for Dynamic QR Codes
Building a URL Redirector in Python for Dynamic QR Codes

Dynamic QR codes allow you to change the destination URL after printing. This article shows how to build a simple URL redirector using Flask and SQLite in Python.

SQLAlchemy Relationships Without Database Foreign Keys
SQLAlchemy Relationships Without Database Foreign Keys

How to define relationships between SQLAlchemy models (e.g., one-to-many, many-to-one) purely in the Python code without creating corresponding `FOREIGN KEY` constraints in the underlying SQL database schema.