Skip to main content

User management

Add users to your organization

Prerequisites:
  • The person you want to invite must already have an Oso Cloud Developer account (GitHub or Google sign-in).
  • Collect their GitHub username or Google Workspace email to add them.
Steps:
1

Go to the Users tab in settings
2

Click Add a user
3

Enter the user’s GitHub username or Google Workspace email
4

Click Add user
Only existing Oso Cloud users can be added. The system returns an error for unknown usernames.

Configure user roles

Oso Cloud supports two user roles: Member
  • Read access to all organization environments.
  • Manage non-production environments.
Admin
  • All Member permissions.
  • Manage production environments.
  • Invite/remove users.
  • Change user roles.

Change a user’s role

New users default to Member role.
1

Navigate to the Users tab
2

Click the Role dropdown next to the user
3

Select the new role

Remove users

Remove users who leave your company or change teams:
1

Go to the Users tab
2

Click Remove next to the user
3

Confirm removal in the modal dialog

Environment management

Create new environments

Oso Cloud provides default environments, but you can create additional ones for specific use cases:
1

Navigate to the Environments tab
2

Click Create
3

Enter the environment name
4

Click Create

Delete environments

Delete environments you no longer need:
1

Go to the Environments tab
2

Click Delete next to the target environment
3

Type the environment name to confirm
4

Click Confirm
Note: Default environments cannot be deleted.

API key management

Create API keys

Create API keys for programmatic access to Oso Cloud:
1

Navigate to the API Keys tab
2

Click Create API Key next to your target environment
3

Select key type:
  • Read-Write: Full authorization operations
  • Read-Only: Query-only access
4

Copy the generated key immediately
Key management options:
  • Use Copy to copy only the API key
  • Use copy icons for environment variable commands
Security Alert: API keys display only once and cannot be retrieved later. Store them securely.
Limit: Maximum 128 tokens per environment.

Revoke API keys

Revoke compromised or unused API keys:
1

Go to the API Keys tab
2

Click Revoke next to the target key
3

Enter the API key ID to confirm
4

Click Revoke API Key
Common revocation scenarios:
  • Compromised credentials
  • Key rotation policies
  • Cleanup of unused keys

Rate limiting

Oso Cloud enforces request limits on shared developer infrastructure to ensure consistent performance across all users.

Understanding rate limits

Oso Cloud applies two concurrent limits to each environment: Overall Request Limit
  • Applies to all API requests
  • Returns 429 Too Many Requests if exceeded
Write Request Limit
  • Applies specifically to fact additions and deletions
  • Subset of overall requests with lower threshold
  • Write operations count toward both limits

Handle rate limiting

Immediate response

When you receive 429 Too Many Requests:
1

Reduce request volume temporarily
2

Wait 60 seconds for limits to reset
3

Resume normal operations
Rate limits reset automatically with no permanent impact on your account.

Optimize request patterns

Batch related operations Replace multiple individual requests with batch operations: 
# Instead of multiple calls
client.tell("has_role", user1, "admin", org)
client.tell("has_role", user2, "member", org) 
client.tell("has_role", user3, "viewer", org)

# Use bulk operations
facts = [
    ("has_role", user1, "admin", org),
    ("has_role", user2, "member", org),
    ("has_role", user3, "viewer", org)
]
client.bulk_tell(facts)  # Single API call
Benefits of batching:
  • Atomic transactions for related facts
  • Reduced API call volume
  • Better performance
  • Lower rate limit impact
Batch Limit: Developer accounts support up to 20 facts per batch operation.

Get help

Need optimization strategies or policy architecture guidance? Schedule time with an Oso engineer to discuss your specific use case.