Authorization that takes you upmarket

Get enterprise-grade RBAC without redoing your application architecture.

Read the docs

Talk to an engineer →

Loved by Platform Engineering Teams

What is Oso?

Oso is authorization as a service, like LaunchDarkly is feature flags as a service or Auth0 is authentication as a service
Oso exposes an API that can answer any permissions question, like:
- Can user X perform action Y on resource Z?
- Which resources can user P perform action Q on?
- Why did user X get access to resource Y?

Read the authorization FAQ

Local authorization
Authorization over your data in Postgres

High availability
‍Runs in 20+ regions for 99.99% uptime‍

Performance
<10 ms latency and up to 1M reads/sec‍

Extensible
‍RBAC, ReBAC, and ABAC

Deterministic
Testable, debuggable, observable

Run anywhere
‍‍Cloud, hybrid, or on-prem

Built in 🦀 Rust, hardened by thousands of engineering teams

Why Oso?

The only authorization service that doesn’t force you to rethink your application architecture, enabling you to ship basic RBAC, fine-grained permissions, and custom roles in weeks
No syncing required – Oso authorizes locally using your existing database
Roll out Oso incrementally across your services and apps
When needed, you can centralize shared permissions data in Oso Cloud

Learn about local authorization

How Oso works

Write your authorization rules in Polar, Oso’s DSL for authorization
Tell Oso about your database schema
Call the Oso API to ask any authorization question
Oso generates SQL filters, which you run locally against your database and, optionally, shared permissions data in Oso Cloud

Go deep on Oso internals

Why authorization as a service?

Ship changes fast and reduce errors by decoupling authorization code from business logic
Ensure security and correctness
Eliminate duplicate effort by having a shared capability across teams, like authentication or feature flags
Transition to microservices successfully

Read about authorization as a service

Learn authorization best practices

Read a series of technical guides that explains how to build authorization into your app, including architecture, modeling patterns, enforcement, and more — whether you use Oso or not.

Read Authorization Academy

Loved by Developers

“I'm sold on this way ahead for the known future. Oso has nailed the abstractions. That’s the hardest part to get right, and the hardest part to change later.”

Will Flynt
Principal Engineer, Amazon

“Oso is a compelling fit because of their singular focus on authz, plus the flexibility of their Polar rule definitions. Within twenty minutes we’d managed to define a custom Polar definition to handle our current use case."

Evan Ziebart
Engineer, Duolingo

“We needed to manage authorization across all of our new microservices. The answer was the Oso authorization framework."

Nicholas Matison
Senior Engineer, Wayfair

“We assessed many options (including building in-house) and we chose Oso for its local/cloud architecture, 99.99% uptime, and in-depth domain knowledge."

Guhan Venguswamy
Head of Platform Engineering, Jasper.ai

“Oso is A+. As we moved upmarket, being able to implement authz consistently and accurately helped us move faster and resolved a never-ending source of bugs.”

Brian Scanlan
Engineer, Intercom

“We reviewed multiple solutions – Oso came out on top for its devex, scalable and consistent performance, and the flexibility to match all our needs.”

Jiří Brunclík,
VP Engineering, Productboard

“It used to take us months to add new roles. With Oso we cut that time 10x. The Oso team has also been very helpful, making our migration super smooth.”

Derick Matamoros
Lead Engineer, Oyster HR

“Oso has been huge for us. It has the most intuitive model. It’s the most mature, and has the best tooling and docs. And the support has been unreal.”

Raven Jiang
CTO, Arc

“Oso was the fastest path to building roles and has been incredible – easy to wrap our heads around, great docs, and makes life much simpler.”

KC Chintalapati
Engineer, Fiddler

Let's see some code.

Try Oso Cloud