A live, explainable authorization engine.
AccessCore decides who can do what — and shows its work. Hybrid ReBAC, RBAC, and ABAC in a single policy decision point: relationship graphs, roles, and attribute conditions resolved in one call.
A portfolio demo backed by a live API. Sign in with the seeded demo account — credentials are prefilled on the Playground.
Check
Ask one question — can this subject perform this action on this resource? Get permit or deny back, with an explainable trail of reason codes.
Expand
Walk the relationship graph the other way. List every subject that resolves into a relation across role aliases, nested groups, and hierarchy.
Simulate
Preview a policy change before shipping it. Compare the live decision against a proposed policy overlay, side by side, with a changed flag.
One engine, three models
Most systems bolt these together. AccessCore resolves them in a single evaluation and returns the reasons behind every decision.
- ReBAC
- Zanzibar-style relationship tuples with computed and tuple-to-userset rewrites.
- RBAC
- Roles modelled as relations and resolved through the same graph.
- ABAC
- Attribute conditions on the principal and environment, evaluated per request.
- Consistency
- Optional zookie tokens for read-your-writes freshness guarantees.
Token-safe by design
This console is a backend-for-frontend. The browser never touches an access token — the Next.js server holds the session in an httpOnly cookie and proxies every authorization call to the AccessCore API server-side.