A bear playing hopscotch
Product
September 28, 2022

Add Authorization Data to Oso Cloud

There are two components you need to make an authorization decision:

  • Logic (also known as models), i.e., the rules that govern who is allowed to do what
  • Data, i.e., who actually has what permissions, roles, etc.

This post is about authorization data and how to use it in Oso Cloud.

In Oso Cloud, you represent authorization data in a format called facts. Facts have a name  and arguments. Each argument either references a resource in your application (by its type and identifier), or a literal value, like a string. This format is designed to easily support the most common authorization models (e.g., RBAC, ReBAC) but is also generic enough to support anything that may come up.

Here are some example facts you might store for common authorization models:

Screen Shot 2022-09-28 at 12.34.11 PM.png

Add a fact

Once you have a draft policy in place to represent your authorization logic, the next step is to add some facts. You can do that in the Facts page in Oso Cloud.

Go to the Facts page

Screen Shot 2022-09-28 at 11.13.19 AM.png

Click the “Add a fact” button.

Screen Shot 2022-09-28 at 10.37.45 AM.png

This opens a new modal window. Type in a fact, following the formatting guidelines in the modal. Then click “Add fact.”

Screen Shot 2022-09-26 at 4.12.04 PM.png

Note: You can only enter facts that match the rules in your policy. If you try to add an invalid fact, you will get an error message. Learn more about writing facts here.

View Your Facts

After you’ve added a fact, go back to the Facts page and you’ll should see the fact right there. Any facts that you add to Oso Cloud will appear on this page (or will be searchable from here).

Screen Shot 2022-09-27 at 10.52.17 PM copy.png

Delete Facts

If you fat-fingered the last fact, or perhaps need to revoke a user’s permissions, you can of course delete facts too.

Find the fact you want to delete on the Facts page. Hover over it, and you’ll see a “Delete” button appear. Click on the delete button to delete the fact.

Screen Shot 2022-09-27 at 10.52.17 PM.png

Search Facts

If you want to go looking for a specific fact (or set of Facts) that you don’t see on the Facts page, you can also search through them.

Enter a type/id pair into the search bar.

Screen Shot 2022-09-27 at 10.52.18 PM.png

You’ll see Filtered results displayed immediately that match the inputs.

For convenience, you can also click on any argument within a fact to auto-populate the search bar with that term.

Screen Shot 2022-09-27 at 11.28.03 PM.png

APIs & CLI

The Facts UI is a handy way to interact with the data you store in Oso Cloud, especially when getting started. You can also manage facts through Oso Cloud’s APIs using our client libraries and CLI. The APIs are not only useful for reproducibility, they also support additional capabilities not currently exposed in the UI, such as:

Give it a try

To get started with facts, go to the Facts page. If you don’t have a policy, start with the Policy Builder and see the guide in related topics below.

Related Topics

Want us to remind you?
We'll email you before the event with a friendly reminder.
Implement authorization with Oso
Learn about Oso

Write your first policy

Try Oso Cloud
Read the docs
Product
DocumentationUse casesPricingSecurityChangelogStatusPrivacy Policy
Learn
Authorization AcademyWhat is Google Zanzibar?What is Open Policy Agent (OPA)?Authorization as a ServiceAuthorization FAQWhat is Attribute Based Access Control (ABAC)?
How-to
Role-Based Access Control in PythonRole-Based Access Control in Node.jsRole-Based Access Control in GoDebugTestPolar Syntax
© 2024 Oso Security, Inc.