Release: Oso 0.11.0 is out, including the official release of the Oso Go Library and Increased Policy Coverage Data Filtering

The official release of the Oso Go library is here! go-oso 0.11.0 now supports the REPL, the debugger and has expanded documentation. Get started with go-oso here.

This release also includes policy coverage for data filtering. These changes make it possible to write queries in a more declarative style, and allow Oso to answer more queries using unbound variables. For example, with this build you can:

Write hierarchical authorization policies over collections of objects:

# A user can read an Expense if they can read the organization of the expense.
allow(actor, "read", expense: Expense) if
    allow(actor, "read", expense.organization);

Write a much broader array of policies using negation and list filtering. A common one might look like this:

# Admins can delete expenses that are not protected or already approved.
allow(actor, "delete", expense: Expense) if
    actor.is_admin and
    not (expense.is_protected = true or expense.is_approved = true);

Write policies that use list filtering to authorize access to a resource based on an intersection between collections.

# An actor can approve an Expense if she is a manager of the Expense's# creator AND in the list of approvers for the Expense's project.
allow(actor, "approve", expense: Expense) if
    actor in expense.creator.managers and
    approver in expense.project.approvers and
    actor = approver;

If you use any of our Python framework integrations, these now include Oso 0.11.0 and have been updated.

For more details, read the changelog.

If you ever have questions, we're available to talk to you about how to get from one version to the next, or to discuss anything you'd like about the product, your use case, or authorization more generally – join us on Slack or open an issue.

Want us to remind you?

We'll email you before the event with a friendly reminder.

The best way to learn is to get your hands dirty.