Resource Sharing
Grant access on a resource to a specific person.
To achieve this, we'll define roles on that resource. We'll often also want to use roles to control who is allowed to share a resource.
Oso Policy
actor User { }resource Repository { roles = ["reader", "admin"]; permissions = ["read", "invite"]; "read" if "reader"; "invite" if "admin";}test "admin can invite readers" { setup { has_role(User{"alice"}, "admin", Repository{"anvil"}); has_role(User{"bob"}, "reader", Repository{"anvil"}); } assert allow(User{"alice"}, "invite", Repository{"anvil"}); assert allow(User{"bob"}, "read", Repository{"anvil"});}