We all start with homegrown authorization code. Application logic directly enforces authorization rules. Roles and permissions are hardcoded in authz.py.

It works fine, until it doesn't.

And then one day, ugh, you need to rewrite your authorization code.
‍

Oso Developer Experience Engineers, Hazal Mestci and Greg Sarjeant, explored:

• Why hardcoded permissions break down with modern app requirements.
• How to write dynamic, context-aware policies that enable applications to support features like scoped permissions and hierarchical resources.
• Best practices for implementing fine-grained authorization models and separating concerns between application logic and authorization.
  ‍

Plus, they gave a live demo of refactoring an app from hardcoded permissions to debuggable fine-grained authorization using Oso, followed by a Q&A session. 🙌
‍