Oso Cloud Documentation
Oso decouples authorization from your application, so you can build fine-grained access control independently of your business logic. Model RBAC, ReBAC, ABAC or any other logic using Polar, our purpose-built language for authorization. Instead of writing ad-hoc permissions checks, you call our service to determine who can do what. Think feature flags, but for access control.
How Oso Works
Authorization with Oso Cloud relies on two components:
- An authorization policy
- User authorization data
An authorization policy is defined using Oso’s domain specific language Polar (opens in a new tab). It is a simple, expressive representation of the authorization rules in your application. A policy written in Polar can be defined using .polar files or Oso’s Workbench console.
User data are defined in Oso as Facts (opens in a new tab). While we define the authorization permissions in Oso with policies, we define the current state of users and resources by storing Facts in Oso. You can add Facts in Oso using your own code or - to get started - Oso’s Workbench console.
Get started
| Quickstart | Install |
|---|---|
| Build your first policy in Oso Cloud | Set up your development environment |
Use cases
| RBAC | ReBAC | ABAC | LLMs (opens in a new tab) |
|---|---|---|---|
| Multitenant, global, and resource-specific roles | User groups, files and folders, organization hierarchies | Public/private, time-based checks, entitlements | Permissions-aware responses, so LLMs don't leak sensitive data to users |
SDKs
Join the Community
We're obsessed with authorization. Join us in our obsession on Slack.