Writing Your First Policy


Maturity Level: Application-wide authorization

In this tutorial you’ll create an authorization model for a multi-tenancy application. Multi-tenancy applications host data and services that belong to several organizations. However, access to data and services should only be granted to authorized members of a particular organization —not across all organizations.

This pattern of authorization shows up a lot! We’ll use the example of a human resources application and guide you through the 4 steps Oso Cloud provides to build a complete authorization system.

Authorization in 4 steps

Regardless of where you are in your authorization journey (writing your first policy or rolling out your 100th production version), these 4 steps will be your guide to successful authorization development. We’ll use these steps to walk you through each stage of the development process using the Oso Cloud dashboard.

Oso also provides API clients so that you can perform all these steps programmatically. We discuss how to do that in other tutorials. For now we’ll continue getting you familiarized with the Oso Cloud dashboard and walk you through the structure for planning your authorization development.

  1. Create an authorization policy that models who’s allowed to do what in your application using Polar. 1. Store core authorization data as facts in Oso Cloud. 1. Perform authorization checks against your policy. 1. Monitor and troubleshoot authorization decisions in realtime from Oso Cloud.

Let’s get started!

Talk to an Oso Engineer

If you'd like to learn more about using Oso Cloud in your app or have any questions about this guide, connect with us on Slack. We're happy to help.

Get started with Oso Cloud →