Use Cases

Who uses Oso, and how

Developers from startups to the Fortune 100 use Oso for everything from simple RBAC in a monolith to deeply-nested resource hierarchies shared across 20 services.

Hear from our customers

“Arc is a banking platform, so getting authorization right is critical. We knew our requirements could get complex – we’ve already got 40 permissions across 9 roles – and we wanted to lean on the experts.”

Raven Jiang
CTO, Arc

“Oso is excellent and well worth taking a look at. The rollout at Intercom has been very slick.”

Brian Scanlan
Engineer, Intercom

Common Use Cases

Model

Multi-tenancy

Take the first step – separate users by organization to keep their data separate from each other. Get the multi-tenancy policy.

Roles (RBAC)

Group permissions by feature, project, or whatever criteria make sense for your app. Read the RBAC guide.

Files & folders

Configure access at the resource level. For example, mark a specific file as private so no one can read it except admins. Get the files & folders policy.

Ownership & sharing

Let users access and modify any resource that they created, and share resources with others. Get the ownership & sharing policy.

Custom roles

Let your users create their own roles based on their requirements. Get the custom roles policy.

Public/private

Set a resource — like a file or a URL — to public so that anyone can see it. Get the policy for public/private resources.

Architecture

Monolith

Keep authorization specifics out of your business logic by lifting your user roles into Oso Cloud. Read our guide to building RBAC.

Microservices

Share roles across services, and use service-local attributes when you need to. Read the microservices guide.

Enforcement

UI authorization

Show or hide elements in your UI based on your users’ permissions. Learn about authorization in the UI.

List endpoints

Beyond just “Can this user access this resource, yes or no?”, ask “What are all the resources this user can access?” Read the data filtering guide.

Authorizing mutations

Control who can create, update, and delete resources. See an example.

Ask arbitrary questions

Sometimes you need to ask arbitrary questions like, “Who are all the users that can write to this repo?” Read the Query guide.

Debugging

When you get an unexpected result, inspect the specific logic and data used to generate an authorization decision. Learn about debugging with Explain.

Logging

See logs of authorization decisions to confirm that your system is working as you expect it to. Try it in the sandbox.

Who ♥️ Oso

Migrated 9-year-old Ruby authorization code to Oso in <3 weeks, adding new features and driving authorization bugs down to zero
Built RBAC for ML monitoring and explainability product in weeks
Moved from monolith to microservices authorization for International Supply Chain portal (16,000 manufacturing partners) in 3 weeks
Built resource-specific roles authorization to comply with ITAR regulations in 1 week, upselling enterprise customers by $100K

What Oso Doesn't Do

Authentication & User Management

Oso assumes that you have a system in place for authenticating users and that you're storing user data elsewhere (e.g., in a database, hosted service). You can use user information as parameters in rules, but Oso is not a substitute for something like AWS Cognito or Firebase Authentication.

Infrastructure Authorization

While you can express your infrastructure policies using Oso, you'd need to build your own access gateway, proxy, or integration points to enforce them. This is possible but not documented. For this reason, you shouldn't view Oso as a replacement for things like AWS IAM or VPN tunnels.
