Model Relationship-Based Access Control (ReBAC)
Relationship-based access control, or ReBAC, means organizing permissions based on relationships between resources. For instance, only the user who created a post is allowed to edit it. Relationships include data ownership, parent-child relationships, groups, and hierarchies.
Implementing hand-rolled ReBAC can be challenging, as it requires a robust understanding of relationships within an organization or system, and it may involve complex algorithms to calculate and manage access based on these relationships. Luckily, implementing ReBAC in Oso Cloud is a snap!
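The relationship traversal a hand-rolled ReBAC check has to perform, shown as an added example (this is not Oso Cloud code and not its API): ownership, group membership, and parent-child inheritance evaluated over relationship tuples. The tuple layout, the relation names, and every `user:`, `group:`, `folder:` and `post:` identifier are assumptions constructed for illustration.

```python
from collections import defaultdict

class RelationStore:
    """Relationship tuples (subject, relation, object). All data here is constructed."""
    def __init__(self):
        self._subjects = defaultdict(set)  # (relation, object) -> {subject, ...}

    def add(self, subject, relation, obj):
        self._subjects[(relation, obj)].add(subject)

    def subjects(self, relation, obj):
        return self._subjects.get((relation, obj), set())

def in_subject(store, user, subject, seen=None):
    """True if `user` is `subject` or reaches it through (possibly nested) groups."""
    if user == subject:
        return True
    seen = set() if seen is None else seen
    if subject in seen:  # cyclic group nesting: stop and deny
        return False
    seen.add(subject)
    return any(in_subject(store, user, m, seen) for m in store.subjects("member", subject))

def can_edit(store, user, resource, seen=None):
    """Grant edit to the owner, to an editor (user or group), or via a parent resource."""
    seen = set() if seen is None else seen
    if resource in seen:  # cyclic parent chain: fail closed
        return False
    seen.add(resource)
    for relation in ("owner", "editor"):
        if any(in_subject(store, user, s) for s in store.subjects(relation, resource)):
            return True
    return any(can_edit(store, user, p, seen) for p in store.subjects("parent", resource))

def build_sample_store():
    store = RelationStore()
    store.add("user:alice", "owner", "post:1")        # data ownership
    store.add("user:carol", "owner", "post:2")
    store.add("folder:docs", "parent", "post:2")      # parent-child
    store.add("group:eng", "editor", "folder:docs")   # group granted on the parent
    store.add("user:bob", "member", "group:eng")      # group membership
    store.add("folder:a", "parent", "folder:b")       # deliberately cyclic hierarchy
    store.add("folder:b", "parent", "folder:a")
    return store

if __name__ == "__main__":
    s = build_sample_store()
    for user, res in [("user:alice", "post:1"), ("user:bob", "post:1"), ("user:bob", "post:2")]:
        print(user, "edit", res, "->", can_edit(s, user, res))
```

Both traversals track visited nodes, so a misconfigured cyclic hierarchy results in a denial rather than unbounded recursion.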
Here are 3 resources that would be useful to have open when running through these guides:
- The Rules Workbench, a visual rules editor that you can use to model most of these patterns
- The syntax reference for Polar, our declarative configuration language that you can use to express any authorization model
- And our example application, GitCloud, a source code collaboration platform based on GitHub and GitLab