The permissions layer for humans and AI

for humans and AI

Unified permissions for apps, RAG, and agents. Never build authorization again.

Trusted by

What we hear from engineers

close-quote-icon
My enterprise customers want complex authorization features
close-quote-icon
I want to build AI apps without leaking sensitive data
close-quote-icon
Data synchronization across services is brittle
close-quote-icon
I don’t want to be the one to mess up the authorization code

Oso is authorization as a service

Oso is what engineering teams use when they’re done rolling their own permissions. It lets your application answer questions like “can this user read that document?” and “which objects can this agent manage?”

• Define your authorization logic centrally
• Plug in your application data
• Call the Oso API to enforce authorization across apps, RAG, and agents

what-is-oso-diagram

How Oso works

Write your policy

RBAC, ReBAC, ABAC, AnyBAC you need. Express any authorization model with Polar, our flexible DSL for permissions logic.

how-oso-works-code-snippet

Plug in your data

Sync your authorization data with Oso, or keep it in your database – whatever fits your architecture best.

how-oso-works-subsection-2-diagram

Integrate and enforce

Pick the right abstractions for every use case, with idiomatic SDKs, inline policy tests, logging, regression testing, and debugging built-in.

Logos for various programming languages like JavaScript, Ruby, .Net, and Python.
how-oso-works-subsection-3-diagram

Ship features, not access control optimizations

Scalability
Serving
1M+
authz requests per hour
Performance
Authorizing in
<10ms
p90 across edge nodes
Built with Rust
rustacean-flat-white-logo-mark

Beyond OAuth: Permissions for AI-native apps

ai-robot-icon

Agentic Workflows

Let agents act on behalf of users with limited permissions – with full visibility into every action

Code snippet for agentic workflows
ai-brain-icon

RAG Apps

Get permissions-aware LLM responses by filtering vector embeddings

Diagram for RAG apps
mcp-icon

MCPs

Protect your MCP with fine-grained permissions

diagram for MCPs

Case Studies

Replaced the legacy system with Oso Cloud and built dashboards and APIs on top of Polar, enabling business self-service and eliminating manual code changes.

Unified RBAC, ReBAC, and ABAC into a single, maintainable framework using Oso’s declarative policy language—enabling reusable, consistent access logic across services—while Oso Cloud delivered fast, compliant authorization checks close to local HR data.

Adopted Oso as a centralized authorization platform, enabling faster delivery of secure, agentic AI applications.

Centralized complex permission logic without syncing sensitive data, simplifying development and debugging.

Delivered centralized, versioned policies that streamlined complex access control across services, with enterprise-grade audit logs and dashboards enabling transparent reporting to meet stringent compliance requirements.

Eliminated infrastructure overhead, standardized global access, and enabled fine-grained RBAC and ABAC via Polar—giving engineers the tools to model real-world access while ensuring low-latency, resilient authorization with geo-replicated environments.

Developer Love

Duolingo-logo-markclose-quote-icon
Oso is a compelling fit because of their singular focus on authz, plus the flexibility of their Polar rule definitions. In twenty minutes we’d managed to define a custom Polar definition to handle our current use case.
Evan Ziebart
Engineer, Duolingo
Productboard-logo-markclose-quote-icon
We reviewed multiple solutions – Oso came out on top for its devex, scalable and consistent performance, and the flexibility to match all our needs.
Jiří Brunclík
VP Engineering, Productboard
Intercom-logo-markclose-quote-icon
Oso is A+. As we moved upmarket, being able to implement authz consistently and accurately helped us move faster and resolved a never-ending source of bugs.
Brian Scanlan
Engineer, Intercom
Oyster-logo-markclose-quote-icon
It used to take us months to add new roles. With Oso we cut that time 10x. The Oso team has also been very helpful, making our migration super smooth.
Derick Matamoros
Lead Engineer, Oyster HR

Authorization done right