What is pocketbase-IAM?
pocketbase-IAM is an AWS IAM-inspired access control library for PocketBase. It adds policy-based RBAC to any PocketBase application with a single function call.
How It Works
- Register collections for IAM enforcement (opt-in)
- Define JSON policy documents with Allow/Deny statements
- Attach policies to users directly, via roles, or via groups
- IAM evaluates every request — Deny always overrides Allow
Superusers and unauthenticated requests bypass IAM entirely. Non-managed collections use PocketBase's native rules as usual.
Key Features
- Policy-based RBAC — JSON policy documents with Allow/Deny statements
- Deny overrides Allow — explicit Deny always wins, matching AWS IAM evaluation
- Multiple attachment paths — policies attach to users directly, via roles, or via groups
- Wildcard matching —
*patterns in actions and resources - Opt-in enforcement — only registered "managed collections" are gated
- Action registry — register and discover custom actions
- Policy simulator — test permissions before deploying (superuser-only)
- Admin dashboard — built-in React UI for managing everything
Install
bash
go get github.com/yakiroren/pocketbase-IAM/iamWhat's Next?
- Getting Started — set up IAM in your PocketBase app
- Policies — how policy documents work
- Evaluation Flow — how requests are evaluated
- Dashboard — manage permissions through the UI