Manage Authorization Data
Oso Cloud uses data from your application to make authorization decisions. Your
authorization rules declare abstract logic like "anyone with the member role on
an organization is allowed to view it", but they don't say which users have the
member role on which organizations. That's where authorization data comes in,
in the form of facts.
Facts are pieces of authorization data that your application sends to Oso Cloud. Facts have a name and generally 2-3 arguments. Here are some example facts:
    # Alice has the "member" role on the ACME organization.
    has_role(User{"Alice"}, "member", Organization{"ACME"});

    # The Anvils repository's parent organization is ACME.
    has_relation(Repository{"Anvils"}, "parent_organization", Organization{"ACME"});
The Oso Cloud Data Model guide contains more details about what facts are. The rest of this guide focuses on managing facts in Oso Cloud from development to production.
The following guides explain how to manage the data that is stored in Oso.
- Sync Data - Oso Cloud uses your application data to make authorization decisions. This guide explains how to convert that data to the facts format and send it to Oso Cloud.
- Export Facts from Oso Cloud - Your data is your data. This guide explains how to pull facts out of Oso Cloud if you want to inspect them or use them elsewhere.
- Migrate Data and Policies - If you need to update your data model in Oso Cloud (e.g. to reflect an application data migration), this guide will show you how.