Model Relationship-Based Access Control (ReBAC)

Relationship-based access control, or ReBAC, means organizing permissions based on relationships between resources. For a more comprehensive explanation of ReBAC, see Oso's Authorization Academy chapter on Relationship-Based Access Control (ReBAC) (opens in a new tab).

Oso Cloud supports modeling ReBAC relationships and has features to greatly simplify policies using them.

Below, find guides on common ReBAC patterns.

GuideDescription
Files & FoldersCascading permissions through files nested in folders
User GroupsControlling permissions by membership in a group
ImpersonationAllowing one user to inherit a subset of another user's permissions
Organization HierarchiesCascading permissions through user relationships
User-Resource RelationshipsUsing a parent resource's permissions + roles to define permissions on the child