Summary

Congratulations! If you've gone through the entire tutorial you should have a working policy that you can start using in your applications. But before you move on, here are a couple things to remember:

Using the 4 steps is the best way to build authorization in Oso Cloud. You can continue using this process to develop more complex authorization policies. Over time you will be able to model more of your application and with greater detail.
Although we presented the idea of building an authorization policy for an HR application, you can apply the multi-tenancy pattern to any use case where it's needed. Simply change the names of roles, permissions, or even the resources to match the terminology used within your app. The pattern will stay the same.

#
actor <NAME_YOUR_USERS> {} # 2. What resources that make up the application? resource <NAME_YOUR_TOP_LEVEL_RESOURCE> { # 3. What actions require authorization? permissions = [ <FIRST_PERMISSION>, <SECOND_PERMISSION> ... ]; # 4. How are permissions granted within the application? roles = [ <FIRST_ROLE>, <SECOND_ROLE> ... ]; # 5. How are permissions attached to roles? <FIRST_PERMISSION> if <FIRST_ROLE>; <FIRST_PERMISSION> if <SECOND_ROLE>; <SECOND_PERMISSION> if <SECOND_ROLE>; ... } ``` **What's Next** - [Learn more about how to model your app's authorization](/guides/role-based-access-control-rbac) - [Learn how to add Oso Cloud to your apps](/get-started/quickstart/beginners-guide#adding-oso-cloud-to-your-application)

Talk to an Oso Engineer

If you'd like to learn more about using Oso Cloud in your app or have any questions about this guide, connect with us on Slack. We're happy to help.

Get started with Oso Cloud →

Using Attributes to Control Permissions