Resource Sharing

Grant access on a resource to a specific person.

To achieve this, we'll define roles on that resource. We'll often also want to use roles to control who is allowed to share a resource.

Oso Policy


actor User { }
resource Repository {
    roles = ["reader", "admin"];
    permissions = ["read", "invite"];
    "read" if "reader";
    "invite" if "admin";
}
test "admin can invite readers" {
    setup {
        has_role(User{"alice"}, "admin", Repository{"anvil"});
        has_role(User{"bob"}, "reader", Repository{"anvil"});
    }
    assert allow(User{"alice"}, "invite", Repository{"anvil"});
    assert allow(User{"bob"}, "read", Repository{"anvil"});
}

Custom Roles