Authorization Data
To make authorization decisions, Oso uses two components:
- Your environment's policy, which describes the logic you want to use
- Authorization data, which describes your application's current state
When choosing where and how to manage your authorization data, Oso offers the following options:
| Authorization data | Description |
|---|---|
| Local Authorization | Oso lets you describe how facts in your policy are represented in your local database, and then lets you perform the final authorization steps locally. |
| Centralized in Oso | Each Oso Cloud environment provides a database in which you may store authorization data. |
| Context facts | Authorization requests let you provide additional facts, known as context facts. |
Best Practices for Authorization Data
For more details about when to use each type of authorization data, see our authorization data best practices.