// the find
AlexKhymenko/ngx-permissions
Permission and roles based access control for your angular(angular 2,4,5,6,7,9+) applications(AOT, lazy modules compatible
ngx-permissions is an Angular library for role and permission-based access control. It lets you guard routes, show/hide template elements, and define hierarchical roles with validation functions — all without a backend dependency. Useful for any Angular app where you need to conditionally render UI or block navigation based on the current user's permissions.
Structural directive support is solid — the `*ngxPermissionsOnly` and `*ngxPermissionsExcept` syntax is clean and works with `then`/`else` blocks, which is more flexible than most RBAC libraries offer. Route guard implementation covers `canActivate`, `canLoad`, and `canActivateChild`, so you're not patching things together yourself. The lazy-module isolation story with `permissionsIsolate: true` is well thought out — separate injector instances per feature module is the right model for a microfrontend or large app. Test coverage is extensive with dedicated spec files for each service and guard.
The README explicitly says it's outdated and points to a wiki — that's a bad sign for a library at 950 stars; documentation debt of that scale suggests maintenance is slow. Permissions are stored in-memory with no built-in persistence layer, so you're responsible for rehydrating on every page load or refresh, and the docs don't give you a clean pattern for it. The `canLoad` guard will block entire lazy chunks, but if permissions haven't loaded yet (e.g., async from an API), there's no official mechanism to wait — you have to chain guards manually, which is fragile. No signal-based API for Angular 17+ reactive contexts; everything is Observable/Promise-era.