Resource Sharing

Grant access on a resource to a specific person.

To achieve this, we'll define roles on that resource. We'll often also want to use roles to control who is allowed to share a resource.

Oso Policy


actor User { }
resource Repository {
roles = ["reader", "admin"];
permissions = ["read", "invite"];
"read" if "reader";
"invite" if "admin";
}
test "admin can invite readers" {
setup {
has_role(User{"alice"}, "admin", Repository{"anvil"});
has_role(User{"bob"}, "reader", Repository{"anvil"});
}
assert allow(User{"alice"}, "invite", Repository{"anvil"});
assert allow(User{"bob"}, "read", Repository{"anvil"});
}