
What is GAC?

GAC (Granular Access Control) is a flexible and efficient PHP library that provides a comprehensive system for managing access permissions in backend applications. Whether you’re building APIs, MVC applications, or any other PHP backend system, GAC gives you fine-grained control over who can access what.

Key features

GAC provides powerful access control capabilities designed for real-world applications:

Role-based permissions

Assign permissions to users and clients through roles with priority-based inheritance

Module-level control

Grant access to entire module categories or specific individual modules

Feature-based access

Control granular features like create, read, update, delete, trash access, and development mode

Access restrictions

Apply date-based and entity-based restrictions with customizable validation rules

Built-in caching

Improve performance with file-based or custom cache adapters

Flexible adapters

Use the default PDO adapter or implement your own database and cache adapters

How it works

GAC operates on a hierarchical permission model:
  1. Define entities - Set up users and clients as entities that need access control
  2. Assign roles - Create roles with specific permissions and assign them to entities with priority levels
  3. Configure permissions - Grant access to modules or module categories with specific features (CRUD operations)
  4. Apply restrictions - Add optional restrictions like date ranges or entity-specific access rules
  5. Check access - Query permissions in your application to authorize actions

Permission hierarchy

GAC resolves permissions using a priority-based system:
  1. Personal permissions - Direct permissions assigned to a user or client (highest priority)
  2. Role permissions - Inherited from assigned roles based on role priority
  3. Granularity - Category-level permissions can be overridden by module-level permissions
Personal permissions always take precedence over role-based permissions. Among roles, the priority field determines which role’s permissions apply first.
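
The resolution order above, modelled as a small stand-alone resolver. This is an added illustration, not GAC's own code or API: the `Grant` class and `resolveFeatures()` function are hypothetical. It assumes that a lower priority number means the role is consulted first, and that the first source mentioning a module decides its features without merging.

```php
<?php
declare(strict_types=1);

// Illustration only: hypothetical names, not GAC's classes or methods.
// Assumed: lower priority number = consulted first; first matching source wins.
final class Grant
{
    public function __construct(
        public readonly string $scope,   // 'module' or 'category'
        public readonly string $target,  // module name or category name
        public readonly array $features, // e.g. ['read', 'create']
    ) {}
}

/**
 * Features an entity holds on $module, which belongs to $category.
 * $personal is Grant[]; $roles is a list of ['priority' => int, 'grants' => Grant[]].
 * Returns null when no source mentions the module, so callers deny by default.
 */
function resolveFeatures(string $module, string $category, array $personal, array $roles): ?array
{
    usort($roles, fn(array $a, array $b) => $a['priority'] <=> $b['priority']);
    // Personal grants come first, then each role's grants in priority order.
    $sources = array_merge([$personal], array_column($roles, 'grants'));
    foreach ($sources as $grants) {
        $categoryHit = null;
        foreach ($grants as $g) {
            if ($g->scope === 'module' && $g->target === $module) {
                return $g->features; // module-level overrides category-level
            }
            if ($g->scope === 'category' && $g->target === $category) {
                $categoryHit = $g->features;
            }
        }
        if ($categoryHit !== null) {
            return $categoryHit;
        }
    }
    return null;
}

// Constructed sample data: one personal grant and two roles on the same category.
$personal = [new Grant('module', 'users', ['read'])];
$roles = [
    ['priority' => 2, 'grants' => [new Grant('category', 'admin', ['read', 'create', 'delete'])]],
    ['priority' => 1, 'grants' => [new Grant('category', 'admin', ['read', 'update'])]],
];
var_dump(resolveFeatures('users', 'admin', $personal, $roles));   // decided by the personal module grant
var_dump(resolveFeatures('billing', 'admin', $personal, $roles)); // decided by the first role in priority order
var_dump(resolveFeatures('reports', 'sales', $personal, $roles)); // no source mentions it
```

Under these assumptions a personal grant narrows access as well as widening it: the personal `users` grant hides the broader features both roles would otherwise give through the `admin` category.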

Use cases

GAC is ideal for applications that require sophisticated access control:

Multi-tenant applications

Manage different permission sets for various clients or organizations accessing your system.
$gac->setEntity('client', $clientId)
    ->getPermissions();

Role-based systems

Build admin panels, dashboards, or enterprise applications with multiple user roles.
// System administrator with full access
// Department supervisor with limited access
// Regular user with read-only access

API access control

Control which API clients can access specific endpoints and operations.
if ($permissions->has('users') && $permission->hasFeature('create')) {
    // Allow user creation
}

Time-based restrictions

Enforce access windows for temporary access or scheduled operations.
$restrictions = $gac->getRestrictions();
if ($restrictions->get('by_date')->run(['date' => time()])) {
    // Access allowed in current time window
}

Architecture overview

GAC consists of several key components:

GAC core class

Main class for configuring connections and retrieving permissions

Permissions

Classes for checking module access and features

Restrictions

Extensible system for validating access constraints

Adapters

Database and cache adapters with customizable implementations

What’s next?

Ready to get started? Follow our installation guide to add GAC to your project.

Installation

Install GAC via Composer and set up your database
