Some adapters support filtered policy management. This means that the policy loaded by Casbin is a subset of the policy in storage based on a given filter. This allows for efficient policy enforcement in large, multi-tenant environments when parsing the entire policy becomes a performance bottleneck.
To use filtered policies with a supported adapter, simply call the LoadFilteredPolicy method. The valid format for the filter parameter depends on the adapter used. To prevent accidental data loss, the SavePolicy method is disabled when a filtered policy is loaded.
For example, the following code snippet uses the built-in filtered file adapter and the RBAC model with domains. In this case, the filter limits the policy to a single domain. Any policy lines for domains other than "domain1" are omitted from the loaded policy:
import "github.com/casbin/casbin" enforcer := casbin.NewEnforcer() adapter := fileadapter.NewFilteredAdapter("examples/rbac_with_domains_policy.csv") enforcer.InitWithAdapter("examples/rbac_with_domains_model.conf", adapter) filter := &fileadapter.Filter{ P: []string{"", "domain1"}, G: []string{"", "", "domain1"}, } enforcer.LoadFilteredPolicy(filter) // The loaded policy now only contains the entries pertaining to "domain1".