Authorization Enforcement Basics

Authorization enforcement is the ability of an application to allow or deny access to resources based on authorization decisions. These decisions are the answers to the questions you ask Oso Cloud. Evaluating an authorization decision requires both policy rules and facts.

| Authorization Question | Policy Rules | Available Facts | Authorization Decisions |
| --- | --- | --- | --- |
| Can Bob edit the Document "Company Roadmap"? | • Org managers can edit Documents | • Bob is an org manager | Yes, Bob can edit "Company Roadmap" |
| What are all the resources Alice can read? | • Any user can read public resources • Roles and permissions are inherited from parent resources | • Alice is a guest user • "Community Resources" is a public folder | Alice can read all docs and folders within "Community Resources" |
| What are all the permissions Bob has within the org? | • Org managers can: read, edit, and delete resources | • Bob is an org manager | Bob can: read, edit, and delete resources. |

Oso Cloud provides a set of Check APIs that gives your applications access to these authorization decisions in real time. Your app's authorization enforcement is built around these APIs.
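The three question types in the table can be modeled with a toy in-memory evaluator to show how a decision falls out of rules plus facts, and that anything not granted is denied. This is an added example, not Oso Cloud's SDK or policy language; the function names, the identifiers such as `Organization:acme` and `Document:welcome`, and the fact tuples are all hypothetical and constructed for illustration.

```python
# Toy in-memory evaluator (constructed); NOT the Oso Cloud SDK or policy language.
# Policy rules, from the table: managers get read/edit/delete; guests get nothing by role.
ROLE_PERMISSIONS = {"manager": {"read", "edit", "delete"}, "guest": set()}

# Facts (constructed sample data; identifiers are hypothetical).
FACTS = {
    ("has_role", "User:bob", "manager", "Organization:acme"),
    ("has_role", "User:alice", "guest", "Organization:acme"),
    ("has_relation", "Document:roadmap", "parent", "Organization:acme"),
    ("has_relation", "Folder:community", "parent", "Organization:acme"),
    ("has_relation", "Document:welcome", "parent", "Folder:community"),
    ("is_public", "Folder:community"),
}

def lineage(resource):
    """Return the resource plus every ancestor reachable via 'parent' facts."""
    seen, todo = set(), [resource]
    while todo:
        node = todo.pop()
        if node not in seen:
            seen.add(node)
            todo += [f[3] for f in FACTS
                     if f[0] == "has_relation" and f[1] == node and f[2] == "parent"]
    return seen

def actions(actor, resource):
    """All actions the actor may take on the resource (empty set = deny)."""
    allowed = set()
    for node in lineage(resource):
        if ("is_public", node) in FACTS:      # any user can read public resources
            allowed.add("read")
        for f in FACTS:                       # roles inherit down from parents
            if f[0] == "has_role" and f[1] == actor and f[3] == node:
                allowed |= ROLE_PERMISSIONS.get(f[2], set())
    return allowed

def authorize(actor, action, resource):
    """Yes/no decision; anything not granted by a rule plus a fact is denied."""
    return action in actions(actor, resource)

def list_resources(actor, action):
    """Every known resource on which the actor may perform the action."""
    known = {f[1] for f in FACTS if f[0] != "has_role"} | {f[3] for f in FACTS if len(f) == 4}
    return sorted(r for r in known if authorize(actor, action, r))

def enforce(actor, action, resource):
    """Enforcement point: call before touching the resource."""
    if not authorize(actor, action, resource):
        raise PermissionError(f"{actor} may not {action} {resource}")
```

Removing the `is_public` fact or Bob's `has_role` fact flips the corresponding decisions to deny without any change to the rules, which is why both inputs have to be present and current at enforcement time.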

In this section we will:

  • Review the Oso Cloud Check API
