Batteries-Included Framework for Application Authorization

Oso is a batteries-included framework for building authorization in your application. With Oso, you can:

  • Model: Set up common permissions patterns like RBAC and relationships using Oso’s built-in primitives. Extend them however you need with Oso’s declarative policy language, Polar.
  • Filter: Go beyond yes/no authorization questions. Implement authorization over collections too - e.g., “Show me only the records that Juno can see.”
  • Test: Write unit tests over your authorization logic now that you have a single interface for it. Use the debugger or tracing to track down unexpected behavior.

Oso in Action

Oso lets you write policies to control who can do what in your app. Select different policies below to see how they change the permissions in the sample app on the right.