Identity & Access Management

A live, explainable authorization engine.

AccessCore decides who can do what — and shows its work. Hybrid ReBAC, RBAC, and ABAC in a single policy decision point: relationship graphs, roles, and attribute conditions resolved in one call.

A portfolio demo backed by a live API. Sign in with the seeded demo account — credentials are prefilled on the Playground.

Check

Ask one question — can this subject perform this action on this resource? Get permit or deny back, with an explainable trail of reason codes.

Expand

Walk the relationship graph the other way. List every subject that resolves into a relation across role aliases, nested groups, and hierarchy.

Simulate

Preview a policy change before shipping it. Compare the live decision against a proposed policy overlay, side by side, with a changed flag.

One engine, three models

Most systems bolt these together. AccessCore resolves them in a single evaluation and returns the reasons behind every decision.

ReBAC
Zanzibar-style relationship tuples with computed and tuple-to-userset rewrites.
RBAC
Roles modelled as relations and resolved through the same graph.
ABAC
Attribute conditions on the principal and environment, evaluated per request.
Consistency
Optional zookie tokens for read-your-writes freshness guarantees.

Token-safe by design

This console is a backend-for-frontend. The browser never touches an access token — the Next.js server holds the session in an httpOnly cookie and proxies every authorization call to the AccessCore API server-side.