Batteries-Included
Authorization
RBAC done right
For teams that are past rolling their own permissions
RBAC done right
Maybe this is your first RBAC build, or maybe it's a refactor after years of hacks.
We've done the hard thinking for you. We build best practices into Oso based on work with hundreds of engineering teams – like how to model common patterns or where to put authorization in your stack. Plus, you get well-maintained docs, example code, as well as access to the core engineering team and hundreds of other developers in the Oso community Slack.
Learn how Oso works We've done the hard thinking for you. We build best practices into Oso based on work with hundreds of engineering teams – like how to model common patterns or where to put authorization in your stack. Plus, you get well-maintained docs, example code, as well as access to the core engineering team and hundreds of other developers in the Oso community Slack.
.svg)
Your forever framework
Start with RBAC, then build any permissions model or feature – like relationships, hierarchies, or groups – using a built-in primitive or a policy you write yourself with our declarative policy language, Polar. By separating your authorization from your business logic, Oso is easier to build on, test and debug than custom authorization code.
See how to build permissions modelsWhat is Oso?
Oso is a batteries-included framework for building authorization in your application.
.png)
Model
Set up common permissions patterns like RBAC and relationships using Oso's built-in primitives. Extend them however you need with Oso's declarative policy language, Polar.
Filter
Go beyond yes/no authorization questions. Implement authorization over collections too – e.g., "Show me only the records that Juno can see."
Test
Write unit tests over your authorization logic now that you have a single interface for it. Use the debugger or tracing to track down unexpected behavior.
Authorization Academy
Learn authorization best practices
Read a series of technical guides that explains how to build authorization into an app, including architecture, modeling patterns, enforcement, and more — whether you use Oso or not.
Browse the Guides
%25201.svg)
.png)
Loved by Developers
Calvin French-Owen
Founder, Segment
Founder, Segment
“We spent 6+ months building authz infra. Oso is ensuring other companies get the right building blocks from day one."
Brian Scanlan
Engineer, Intercom
Engineer, Intercom
“Oso is excellent and well worth taking a look at. The rollout at Intercom has been very slick."
KC Chintalapati
Engineer, Fiddler
Engineer, Fiddler
“Oso was the fastest path to building roles and has been incredible – easy to wrap our heads around, great docs, and makes life much simpler."
Karan Talati
CEO, First Resonance
CEO, First Resonance
“We love Oso because it lets us manage the chaos of access. We got up to speed in 1 week and into production in 3 weeks with 1 engineer.”
Nicholas Matison
Senior Engineer, Wayfair
Senior Engineer, Wayfair
“We needed to manage authorization across all of our new microservices. The answer was the Oso authorization framework."
Simen A. W. Olsen
CDO, Bjerk
CDO, Bjerk
“We love Oso, and that's not just because their authorization library is the best, but because the team is awesome too!"
Andrew McClain
Founding Engineer, Sesh
Founding Engineer, Sesh
“Oso gives us everything we need to solve authorization – conceptually and implementation-wise. It's just the right amount of magic."
Mike Dearman
Engineer, Undisclosed
Engineer, Undisclosed
“I've really appreciated the teamwork and honestly, quick turnaround vs. other vendors and projects."
Let's see some code.
