Use Cases

Who Uses Oso

Developers from startups to the Fortune 500 use Oso to build authorization into their apps.

Developers choose Oso for application authorization because:

  • Modeling - Oso comes with built-in primitives for roles (RBAC) and relationships (ReBAC), plus unbounded flexibility for attributes (ABAC) and other conditions, using our declarative policy language, Polar.
  • Enforcement - Oso provides APIs for checking at the request or resource level, checking resources in batch, or getting all the permissions a user has.
  • Architecture - Oso comes as a fully managed cloud service with low latency and high uptime. It's also available as an open-source library for those who need it.

“Oso is excellent and well worth taking a look at. The rollout at Intercom has been very slick.”

Brian Scanlan
Principal Engineer, Intercom

Common Use Cases

Role-Based Access Control
Give users a repeatable set of permissions – called roles – based on where they sit in the org or project, their function, or whatever criteria make sense for your app.
Learn how to use RBAC
Microservices
Get a single place to store and share authorization data across microservices.
Read about patterns in microservices authorization
Custom Roles
Let your users create their own roles based on their requirements.
Learn about custom roles
Data Filtering
Rather than answering the question "Can this user access this resource, yes or no?" answer the question "Show me all the things (e.g., rows, resources) that this user can access."
Read the data filtering guide
Organizations
Get started with a simple way to group users by organization (or tenant), and give users access to organization-wide resources. E.g., Everyone in a given company can access that company's files.
Get the policy for organizations
Groups
Organize permissions based on groupings of users or resources. E.g., Provide access to different folders based on what team a user belongs to.
Get the policy for groups
Ownership & Sharing
Let users access and modify any resource that they created. E.g., A user can read and edit her own documents.
Get the policy for ownership and sharing
Files & Folders
Configure access at the resource level. E.g., Mark a specific file as private so no one can read it except admins.
Get the policy for files and folders
UI Authorization
Let your users invite others to organizations, or share granular access to specific resources.
Learn about authorization in the UI
If you're interested in learning about authorization fundamentals, look at the technical guides in Authorization Academy.

Who ♥️ Oso

fiddler
Role-based access control using resource-level roles for its ML Model Performance Management product.
Hear from the developer
Intercom
Role-based access control for conversational marketing platform. Migration from legacy system.
First Resonance
Global roles to comply with ITAR regulations and upsell enterprise customers.
Wayfair
Microservices authorization for International Supply Chain application.
Hear from Wayfair Engineering
Bjerk
Customer dashboard for managing subscriptions using resource-level roles and attributes pulled off tokens.
Hear from the founder
NLNet
Pre-built roles, as well as the ability to build custom roles and write custom rules for a certificate authority.
Hear from the developer
Intraverbal
Authorization for content creation platform for online curricula, including resource-level roles and ownership.
Hear from the founder
Scandinavian Government
ERP for vocational program as part of government safety net using organizations and custom rules.

What Oso Doesn't Do

Authentication & User Management

Oso assumes that you have a system in place for authenticating users and that you're storing user data elsewhere (e.g., in a database, hosted service). You can use user information as parameters in rules, but Oso is not a substitute for something like AWS Cognito or Firebase Authentication.

Infrastructure Authorization

While you can express your infrastructure policies using Oso, you'd need to build your own access gateway, proxy, or integration points to enforce them. This is possible but not documented. For this reason, you shouldn't view Oso as a replacement for things like AWS IAM or VPN tunnels.
