Try OsoMeet an Eng

The permissions layer for humans and AI

for humans and AI

Unified permissions for apps, RAG, and agents. Never build authorization again.

Try Oso for FreeMeet an Eng
Trusted by

A single permissions layer for apps, RAG, and agents

Oso is what engineering teams use when they’re done rolling their own permissions. It lets your application answer questions like “can this user read that document?” and “which objects can this agent manage?”

  • Define your authorization logic centrally

  • Plug in your application data

  • Call the Oso API to enforce authorization across apps, RAG, and agents

Available in the cloud or self-hosted.

what-is-oso-diagram

How Oso works

Oso decouples authorization from your application, so you can build fine-grained access control independently of your business logic.

Write your policy

RBAC, ReBAC, ABAC, AnyBAC you need. Express any authorization model with Polar, our flexible DSL for permissions logic.

Show me the code
how-oso-works-code-snippet

Plug in your data

Sync your authorization data with Oso, or keep it in your database – whatever fits your architecture best.

See how it works
how-oso-works-subsection-2-diagram

Integrate (for the last time)

The right abstractions for every use case. Idiomatic SDKs in the language of your choice. Inline policy tests. Logging, regression testing, and debugging. Backed by the most comprehensive documentation on earth and the team that created the category.

Logos for various programming languages like JavaScript, Ruby, .Net, and Python.
Read the docs
how-oso-works-subsection-3-diagram

Speed and reliability in a critical path

Scalability
Scales horizontally to
1M+
requests/sec
Reliability
Runs in 30+ AZs for
99.99%
uptime
Performance
Delivers
<10ms
p90 latency
Built in Rust
rustacean-flat-white-logo-mark

Permissions for LLMs and Agents

ai-robot-icon

LLM Authorization

Define permissions in one place and enforce them for human and LLM users alike

Learn more
LLM Authorization diagram
ai-brain-icon

RAG Apps

Build Retrieval-Augmented Generation that adds context without leaking data

Build a RAG chatbot
Diagram for RAG apps
mcp-icon

Agents

Monitor agents’ actions and scope permissions down to least privilege

Get early access
Agents venn diagram

Case Studies

Replaced the legacy system with Oso Cloud and built dashboards and APIs on top of Polar, enabling business self-service and eliminating manual code changes.

Read case study

Unified RBAC, ReBAC, and ABAC into a single, maintainable framework using Oso’s declarative policy language—enabling reusable, consistent access logic across services—while Oso Cloud delivered fast, compliant authorization checks close to local HR data.

Read case study

Adopted Oso as a centralized authorization platform, enabling faster delivery of secure, agentic AI applications.

Read case study

Centralized complex permission logic without syncing sensitive data, simplifying development and debugging.

Read case study

Delivered centralized, versioned policies that streamlined complex access control across services, with enterprise-grade audit logs and dashboards enabling transparent reporting to meet stringent compliance requirements.

Read case study

Eliminated infrastructure overhead, standardized global access, and enabled fine-grained RBAC and ABAC via Polar—giving engineers the tools to model real-world access while ensuring low-latency, resilient authorization with geo-replicated environments.

Read case study

Developer Love

Duolingo-logo-markclose-quote-icon
Oso is a compelling fit because of their singular focus on authz, plus the flexibility of their Polar rule definitions. In twenty minutes we’d managed to define a custom Polar definition to handle our current use case.
Evan Ziebart
Engineer, Duolingo
Productboard-logo-markclose-quote-icon
We reviewed multiple solutions – Oso came out on top for its devex, scalable and consistent performance, and the flexibility to match all our needs.
Jiří Brunclík
VP Engineering, Productboard
Intercom-logo-markclose-quote-icon
Oso is A+. As we moved upmarket, being able to implement authz consistently and accurately helped us move faster and resolved a never-ending source of bugs.
Brian Scanlan
Engineer, Intercom
Oyster-logo-markclose-quote-icon
It used to take us months to add new roles. With Oso we cut that time 10x. The Oso team has also been very helpful, making our migration super smooth.
Derick Matamoros
Lead Engineer, Oyster HR

DIY costs more than you think. 80%+ more.

Total Cost of Ownership diagram that compares using OSO versus Do-It-Yourself

Cut through the guesswork with Oso’s Authorization TCO Framework. Calculate the true costs of build versus buy.

Access the TCO Framework

Authorization Resources

Academy

graduate-cap-icon
Read a series of technical guides on application authorization in the Authorization Academy
Go to Authorization Academy

Docs

Open book icon
Learn more about Oso Cloud and how to get started building authorization systems
Go to Docs

Blog

Newspaper icon
Catch up with the latest news, how-to guides, and technical explainers on our blog
Read our Blog

Authorization done right

Try Oso for FreeMeet an Eng