Oso Cloud
  • What is Oso Cloud?
  • Quickstart
  • Develop With Oso Cloud
    • Set Up Your Environment
    • Local Development Workflow
    • CI/CD
    • Use the Oso Dev Server
    • Use Oso Migrate
    • Set up a Pre-Commit Hook
  • Overview of Oso Cloud
    • Oso Cloud Architecture
    • Modeling Building Blocks
    • Oso Cloud Data Model
    • Sample Apps
    • FAQ
    • Authorization Academy (opens in a new tab)
  • Modeling in Polar
    • Intro to Polar
    • Conceptual Overview
      • Testing + Policy Iteration
      • Types
      • Advanced Resource Creation
    • Role-Based Access Control (RBAC)
      • Multitenant Roles
      • Resource-Specific Roles
      • Global Roles
      • Inheriting Roles
      • Resource Ownership
      • Resource Sharing
      • Custom Roles
      • Role-Based Access Control (RBAC) in Node.js
    • Relationship-Based Access Control (ReBAC)
      • User Groups
      • Files & Folders
      • User-Resource Relations
      • Impersonation
      • Organization Hierarchies
    • Attribute-Based Access Control (ABAC)
      • Public/Private Resources
      • Conditional Roles
      • Time-Based Checks
      • Entitlements
    • Resource creation authorization
      • Bootstrapping root-level resources
      • Authorizing the creation of child resources
    • Field-Level Authorization
      • Fields as Resources
      • Fields in Permissions
    • Polar Reference
      • Foundations
      • Built-in Types
      • Rules + Facts
      • Operators
      • Constants
      • Resource Blocks
      • Facts as Data
      • Tests
      • Extends
    • Best Practices
  • Authorization Data
    • Local Authorization
    • Centralized in Oso
      • Consistency
      • Manage Centralized Data
        • Sync Data
        • Export Data
        • Migrate Data
    • Context Facts
    • Best Practices
  • App Integration
    • Road to Production Guide
    • Oso Cloud Configuration
      • Manage Organization Settings
      • Sandbox Limits
    • Client APIs + SDKs
      • CLI
        • Windows
      • Node.js
        • Migrating to v2
        • v1 (deprecated)
      • Python
        • Migrating to v2
        • v1 (deprecated)
      • Go
        • Migrating to v2
        • v1 (deprecated)
      • Java
        • Migrating to v1
        • v0 (deprecated)
      • Ruby
      • .NET
      • HTTP API
      • IDE Support
        • Metric Collection
    • Integrate Authorization
      • Enforcement Best Practices
      • Authorize Requests
      • Enforce
      • List Filtering
      • Query Oso Cloud
      • Frontend (UI)
      • Use Policy Metadata
      • Authentication
      • GraphQL
    • Productionizing
      • Deployment Models
      • Hybrid Deployment
        • Set Up
        • Configure
        • Scale & Size
        • Monitor
      • Backup & Recovery
      • Self Hosted
    • Troubleshooting
      • Logs
      • The Explain Tool
      • Debug an Unexpected Result
    • Adopt Local Authorization
      • Extract a piece of authorization logic
      • Implement the logic in Oso Cloud
      • Send data to Oso Cloud as context facts
      • Replace context facts with Local Authorization
      • Use Oso Cloud for authorization
    • Query Processing
    • Query Performance
    • End-to-End Example
    • Map Relational Data to Facts
    • Glossary
    • Guide for Single Sign-On (SSO)
    • LLM Authorization (opens in a new tab)
    • Security (opens in a new tab)
    • Legacy Open Source Library (opens in a new tab)
  • Changelog
    • What's New
    • Oso Cloud CLI
    • Node.js SDK
    • Python SDK
    • Go SDK
    • Java SDK
    • Ruby SDK
    • .NET SDK
    • Oso Dev Server
    • Fallback Node
    • VSCode Extension
  • Service Status Page (opens in a new tab)
  • What is Oso Cloud?
  • Quickstart
  • Develop With Oso Cloud
    • Set Up Your Environment
    • Local Development Workflow
    • CI/CD
    • Use the Oso Dev Server
    • Use Oso Migrate
    • Set up a Pre-Commit Hook
  • Overview of Oso Cloud
    • Oso Cloud Architecture
    • Modeling Building Blocks
    • Oso Cloud Data Model
    • Sample Apps
    • FAQ
    • Authorization Academy (opens in a new tab)
  • Modeling in Polar
    • Intro to Polar
    • Conceptual Overview
      • Testing + Policy Iteration
      • Types
      • Advanced Resource Creation
    • Role-Based Access Control (RBAC)
      • Multitenant Roles
      • Resource-Specific Roles
      • Global Roles
      • Inheriting Roles
      • Resource Ownership
      • Resource Sharing
      • Custom Roles
      • Role-Based Access Control (RBAC) in Node.js
    • Relationship-Based Access Control (ReBAC)
      • User Groups
      • Files & Folders
      • User-Resource Relations
      • Impersonation
      • Organization Hierarchies
    • Attribute-Based Access Control (ABAC)
      • Public/Private Resources
      • Conditional Roles
      • Time-Based Checks
      • Entitlements
    • Resource creation authorization
      • Bootstrapping root-level resources
      • Authorizing the creation of child resources
    • Field-Level Authorization
      • Fields as Resources
      • Fields in Permissions
    • Polar Reference
      • Foundations
      • Built-in Types
      • Rules + Facts
      • Operators
      • Constants
      • Resource Blocks
      • Facts as Data
      • Tests
      • Extends
    • Best Practices
  • Authorization Data
    • Local Authorization
    • Centralized in Oso
      • Consistency
      • Manage Centralized Data
        • Sync Data
        • Export Data
        • Migrate Data
    • Context Facts
    • Best Practices
  • App Integration
    • Road to Production Guide
    • Oso Cloud Configuration
      • Manage Organization Settings
      • Sandbox Limits
    • Client APIs + SDKs
      • CLI
        • Windows
      • Node.js
        • Migrating to v2
        • v1 (deprecated)
      • Python
        • Migrating to v2
        • v1 (deprecated)
      • Go
        • Migrating to v2
        • v1 (deprecated)
      • Java
        • Migrating to v1
        • v0 (deprecated)
      • Ruby
      • .NET
      • HTTP API
      • IDE Support
        • Metric Collection
    • Integrate Authorization
      • Enforcement Best Practices
      • Authorize Requests
      • Enforce
      • List Filtering
      • Query Oso Cloud
      • Frontend (UI)
      • Use Policy Metadata
      • Authentication
      • GraphQL
    • Productionizing
      • Deployment Models
      • Hybrid Deployment
        • Set Up
        • Configure
        • Scale & Size
        • Monitor
      • Backup & Recovery
      • Self Hosted
    • Troubleshooting
      • Logs
      • The Explain Tool
      • Debug an Unexpected Result
    • Adopt Local Authorization
      • Extract a piece of authorization logic
      • Implement the logic in Oso Cloud
      • Send data to Oso Cloud as context facts
      • Replace context facts with Local Authorization
      • Use Oso Cloud for authorization
    • Query Processing
    • Query Performance
    • End-to-End Example
    • Map Relational Data to Facts
    • Glossary
    • Guide for Single Sign-On (SSO)
    • LLM Authorization (opens in a new tab)
    • Security (opens in a new tab)
    • Legacy Open Source Library (opens in a new tab)
  • Changelog
    • What's New
    • Oso Cloud CLI
    • Node.js SDK
    • Python SDK
    • Go SDK
    • Java SDK
    • Ruby SDK
    • .NET SDK
    • Oso Dev Server
    • Fallback Node
    • VSCode Extension
  • Service Status Page (opens in a new tab)

Was this page helpful?

Modeling in Polar
Polar Reference

Polar Rules

Polar is Oso's authorization language. You use Polar to write the rules that determine whether to grant or deny access for a given request. The documents in this section describe Polar in detail.

  • Foundations
  • Built-in Types
  • Rules + Facts
  • Operators
  • Constants
  • Resource Blocks
  • Facts as Data
  • Tests
  • Extends
Last updated on June 17, 2025
Foundations

© 2025 Oso Security Inc.