Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Simple ACL for Sequelize

Build Status

Effortlessly ensure that only the right actors can read and write objects.

ssacl will ensure that all reads have the appropriate where queries attached and that all writes are checked for appropriate ownership values.

ssacl needs Sequelize 2.1.0 or higher for all functionality to work

Getting Started

npm install --save ssacl
var ssacl = require('ssacl');

ssacl(sequelize|Model, {
  read: {
    attribute: 'reader'
  write: {
    attribute: 'userId'

Note: Either enable ssacl on the entire sequelize instance or specific Models. Mixing is not supported. Note: If using ssacl on specific models rather than on the sequelize instance the paranoia option needs to be the same for all models.


// will throw an error if the actor for instance does not match the passed actor
instance.update(values, {
  actor: actor

// will throw an error if the actor for instance does not match the passed actor
  actor: actor

// will ammend the where to match the actor
Model.update(values, {
  where: {..}
  actor: actor

// will ammend the where to match the actor
  where: {..}
  actor: actor

// will ammend the where to match the actor
  where: {..}
  actor: actor

// will ammend the where to match the actor
  where: {..}
  actor: actor


Passing actor to all calls can be cumbersome and error-prone so ssacl also supports passing the actor with CLS.

var cls = require('continuation-local-storage')
  , ns = cls.createNamespace('mynamespace');

ssacl(sequelize|Model, {
  cls: ns

// ssacl will look for the actor property in the name () {
  ns.set('actor', 2);

  // both calls will automatically be scoped without explicitely setting actor
  return Model.findAll().then(function () {
    return Model.destroy();

Note that this will apply CLS to Sequelize, so if using CLS with Sequelize, make sure it's the same namespace


By default ssacl will have paranoia enabled (disable with {paranoia: false} globally, or per call). With Paranoia enabled any query executed without an actor will result in an error. To perform actions as god/root use new ssacl.Omnipotent() as a placeholder actor that allows everything.

Note: null or any value matching the public value of read is also a valid read actor.



  • paranoia true|false Toggle paranoia mode, default: true
  • actor function Takes a function that parses an actor into a queryable primitive. Default function will take primary key value from a sequelize instance or return the passed input.
  • read object Defines the options for read restriction
  • read.attribute string The attribute/field to store allowed reader in
  • read.public Value for public read, default: null
  • read.none Value for no reads, default: 0
  • write object Defines the options for write restriction
  • write.attribute string The attribute/field to store allowed writeer in
  • write.none Value for no writes, default: 0


  • actor null|primitive|object|instance|Omnipotent The actor for this call, default: null
  • paranoia true|false Toggle paranoia mode for this call default: true



ssacl ships with ssacl-attribute-roles so you get role white-/blacklisting for free.

ssacl will automatically initialize the addon on the models you initialize ssacl on, so you simply have to configure your attributes as described on the add-ons github page.


koa-ssacl makes actor passing trivial by supporting cls with middleware.

Sponsored by PumpUp

The work on this project is being sponsored by the great people at PumpUp


Simple ACL for Sequelize







No packages published