Batteries-Included Framework for Application Authorization
Oso is a batteries-included framework for building authorization in your application.
With Oso, you can:
- Model: Set up common permissions patterns like RBAC and
relationships using Oso’s built-in primitives. Extend them however you
need with Oso’s declarative policy language, Polar.
- Filter: Go beyond yes/no authorization questions. Implement
authorization over collections too - e.g., “Show me only the records
that Juno can see.”
- Test: Write unit tests over your authorization logic now that you
have a single interface for it. Use the debugger or tracing to track
down unexpected behavior.
Oso in Action
Oso lets you write policies to control who can do what in your app.
Select different policies below to see how they change the permissions
in the sample app on the right.
Looking for authorization across microservices? Try Oso Cloud
, Oso’s authorization-as-a-service.