Skip to main content

Welcome to Laravel Permission

Laravel Permission is a powerful package that allows you to manage user permissions and roles in your Laravel application using a database. Built by Spatie, this package provides an elegant way to implement role-based access control (RBAC) in your applications.

Simple & Intuitive

Clean API for assigning roles and permissions with minimal boilerplate

Laravel Integration

Works seamlessly with Laravel’s native authorization system and Gate

Flexible Guards

Support for multiple authentication guards out of the box

Team Support

Built-in multi-tenancy support for team-based applications

What It Does

This package allows you to manage user permissions and roles stored in a database. Once installed, you can easily control access to your application’s features using an intuitive API.

Quick Example

Here’s a taste of what you can do with Laravel Permission: 
// Give a user permission directly
$user->givePermissionTo('edit articles');

// Check if user has permission
if ($user->can('edit articles')) {
    // User can edit articles
}

Key Features

Database-Driven Permissions

All permissions and roles are stored in your database, making them easy to manage dynamically through your application’s admin interface.

Seamless Laravel Integration

Because all permissions are registered on Laravel’s Gate, you can use Laravel’s native can() method to check permissions: 
// Works with Laravel's authorization
$user->can('edit articles');

// Works in controllers
$this->authorize('edit articles');

// Works in policies
Gate::allows('edit articles');

Flexible Permission Assignment

Permissions can be assigned to users in two ways:

Direct Permissions

Assign permissions directly to individual users for fine-grained control

Role-Based Permissions

Group permissions into roles and assign roles to users for easier management

Guard Support

The package supports Laravel’s authentication guards, allowing you to have different sets of permissions for different user types (e.g., web users, API users, admins). 
// Create permissions for different guards
Permission::create(['name' => 'edit articles', 'guard_name' => 'web']);
Permission::create(['name' => 'edit articles', 'guard_name' => 'api']);

// Assign role with specific guard
$user->assignRole('writer', 'web');

Common Use Cases

Control who can create, edit, publish, or delete content. Assign roles like Editor, Author, and Contributor with different permission levels.
Use the built-in teams feature to isolate permissions between different organizations or workspaces.
Restrict access to sensitive administrative features based on user roles and permissions.
Protect API endpoints by checking permissions, with support for different guards for web and API authentication.

Architecture Overview

The package consists of three main components:
Users can have permissions both directly and through roles. When checking if a user has a permission, the package checks both sources.

Performance

The package is optimized for performance:
  • Caching: All permissions are cached for 24 hours by default to speed up permission checks
  • Automatic Cache Invalidation: Cache is automatically cleared when permissions or roles are updated
  • Eager Loading: Relationships can be eager loaded to prevent N+1 query problems
// Eager load relationships for better performance
$users = User::with(['roles', 'permissions'])->get();

Next Steps

Prerequisites

Check system requirements and dependencies

Installation

Install the package and set up your database

Basic Concepts

Learn about roles, permissions, and guards

Using Permissions

Start using permissions in your application
Already familiar with the basics? Jump straight to the Installation Guide to get started!

Build docs developers (and LLMs) love

Get started for freeTalk to us