Application Modeling Basics

When you are confronted with the task of adding authorization to your app, where do you begin?

First, it's important to have a good understanding of the structure of your app, for example:

  • What are the top-level resources?
  • Who are the various users?
  • Is there one type of user or many?

Next, you'll identify what parts of your app need authorization and how that authorization should be granted. Examples here might be:

  • The actions users can take when using your app
  • How access to those actions should be controlled (based on roles, relationships, attributes, etc.)

Only then can you really start to tackle the problem of writing your authorization policy.

In this section we will:

  • Review common authorization patterns and when to use them
  • Describe the type of information you'll need from your app for a given pattern
  • Discuss techniques for creating logic abstractions for your app
