Relationship-Based Access Control (ReBAC)

Model Relationship-Based Access Control (ReBAC)

Relationship-based access control, or ReBAC, means organizing permissions based on relationships between resources. For a more comprehensive explanation of ReBAC, see Oso's Authorization Academy chapter on Relationship-Based Access Control (ReBAC).

Oso Cloud supports modeling ReBAC relationships and has features to greatly simplify policies using them.

Below, find guides on common ReBAC patterns.

| Guide | Description |
| --- | --- |
| User Groups | Controlling permissions by membership in a group |
| Files & Folders | Cascading permissions through files nested in folders |
| User-Resource Relationships | Using a parent resource's permissions + roles to define permissions on the child |
| Impersonation | Allowing one user to inherit a subset of another user's permissions |
| Organization Hierarchies | Cascading permissions through user relationships |