This crate will help you set up authorization and validate user permissions in actix-web.

The library can also be integrated with third-party solutions (like actix-web-httpauth).

Programming language: Rust
License: Apache-2.0 or MIT
Tags: Scripting     Web     Web Programming     Actix     Authorization    
Latest version: v3.0.0-beta.2

actix-web-grants alternatives and similar packages

Based on the "Web programming" category.
Alternatively, view actix-web-grants alternatives based on common mentions on social networks and blogs.

Do you think we are missing an alternative of actix-web-grants or a related project?

Add another 'Web programming' Package



Extension for actix-web to validate user permissions.

CI Crates.io Downloads Badge crates.io Documentation dependency status Apache 2.0 or MIT licensed

To check user access to specific services, you can use built-in proc-macro, PermissionGuard or manual.

The library can also be integrated with third-party solutions (like actix-web-httpauth).

Example of proc-macro way protection

use actix_web_grants::proc_macro::{has_permissions};

async fn macro_secured() -> HttpResponse {

Example of Guard way protection

use actix_web_grants::{PermissionGuard, GrantsMiddleware};

            .to(|| async { HttpResponse::Ok().finish() })
    .service(web::resource("/admin") // fallback endpoint if you want to return a 403 HTTP code 
            .to(|| async { HttpResponse::Forbidden().finish() }))

Example of custom fallback endpoint for Scope with Guard

Since Guard is intended only for routing, if the user doesn't have permissions, it returns a 404 HTTP code. But you can override the behavior like this:

use actix_web_grants::{PermissionGuard, GrantsMiddleware};
use actix_web::http::header;

            .to(|| async { HttpResponse::Ok().finish() }))
        web::resource("/admin{regex:$|/.*?}").to(|| async { 
            HttpResponse::TemporaryRedirect().append_header((header::LOCATION, "/login")).finish()

When Guard lets you in the Scope (meaning you have "ROLE_ADMIN_ACCESS"), the redirect will be unreachable for you. Even if you will request /admin/some_undefined_page.

Note: regex is a Path variable containing passed link.

Example of manual way protection

use actix_web_grants::permissions::{AuthDetails, PermissionsCheck};

async fn manual_secure(details: AuthDetails) -> HttpResponse {
    if details.has_permission(ROLE_ADMIN) {
        return HttpResponse::Ok().body("ADMIN_RESPONSE");

You can find more examples in the git repository folder and documentation.

Supported actix-web versions

  • For actix-web-grants: 2.* supported version of actix-web is 3.*
  • For actix-web-grants: 3.* supported version of actix-web is 4.*

*Note that all licence references and agreements mentioned in the actix-web-grants README section above are relevant to that project's source code only.