Information in this Gist originally from this github issue, which is outdated.
As @RomanMinkin mentioned, you can also consider Casbin (https://github.com/casbin/casbin). It is the most starred authorization library in Golang. There are several differences between Casbin and OPA.
| Feature | Casbin | OPA |
|---|---|---|
| Library or service? | Library/Service | Library/Service |
| How to write policy? | Two parts: model and policy. Model is general authorization logic. Policy is concrete policy rule. | A single part: Rego |
| RBAC hierarchy | Casbin supports role hierarchy (a role can have a sub-role) | Role hierarchies can be encoded in data. Also with the new graph.reachable() built-in function queries over those hierarchies are much more feasible now. |
| RBAC separation of duties | Not supported | Supported: two roles cannot be assigned together |