Model Relationship-Based Access Control (ReBAC)
Relationship-based access control, or ReBAC, means organizing permissions based on relationships between resources. For a more comprehensive explanation of ReBAC, see Oso's Authorization Academy chapter on Relationship-Based Access Control (ReBAC) (opens in a new tab).
Oso Cloud supports modeling ReBAC relationships and has features to greatly simplify policies using them.
Below, find guides on common ReBAC patterns.
| Guide | Description |
|---|---|
| User Groups | Controlling permissions by membership in a group |
| Files & Folders | Cascading permissions through files nested in folders |
| User-Resource Relationships | Using a parent resource's permissions + roles to define permissions on the child |
| Impersonation | Allowing one user to inherit a subset of another user's permissions |
| Organization Hierarchies | Cascading permissions through user relationships |