Use Cases

Who Uses Oso

Developers from startups to billion-dollar enterprises use Oso to build authorization into their apps.

The most common use case for Oso is authorization in B2B SaaS apps. Developers choose Oso for application authorization because:

  • Oso is a library that integrates into the app.
  • Oso has hooks that let you call into the app to act on objects and data.
  • Oso is built on a declarative policy language called Polar, which comes with prebuilt configurations for common patterns but can be extended for any authorization use case.

“Oso is excellent and well worth taking a look at. The rollout at Intercom has been very slick.”

Brian Scanlan
Principal Engineer, Intercom

Common Access Patterns

Organizations
Get started with a simple way to group users by organization (or tenant), and give users access to organization-wide resources. E.g., Everyone in a given company can access that company's files.
Role-Based Access Control (RBAC)
Give users a repeatable set of permissions – called roles – based on where they sit in the org or project, their function, or whatever criteria make sense for your app.
Data Filtering
Rather than answering the question "Can this user access this resource, yes or no?", answer the question "Show me all the things (e.g., rows, resources) that this user can access."
Groups
Organize permissions based on groupings of users or resources.
E.g., Provide access to different folders based on what team a user belongs to.
Ownership
Let users access and modify any resource that they created. E.g., A user can read and edit her own documents.
Granular Access
Configure access at the resource level. E.g., Mark a specific file as private so no one can read it except admins.
Custom Roles
Let your users create their own roles based on their requirements.
Invites and Sharing
Let your users invite others to organizations, or share granular access to specific resources.
Custom Rules
Let your users write arbitrary rules to govern who can do what on your platform. E.g., Give your users an interface like AWS IAM for writing policies over resources.
If you're interested in learning about authorization fundamentals, look at the technical guides in Authorization Academy.

Who ♥️ Oso

fiddler
Role-based access control using resource-level roles for its ML Model Performance Management product.
Intercom
Role-based access control for conversational marketing platform. Migration from legacy system.
First Resonance
Global roles to comply with ITAR regulations and upsell enterprise customers.
Rally
Legal document collaboration and automation product using resource-level roles and ownership.
Bjerk
Customer dashboard for managing subscriptions using resource-level roles and attributes pulled off tokens.
NLNet
Pre-built roles, as well as the ability to build custom roles and write custom rules for a certificate authority.
Intraverbal
Authorization for content creation platform for online curricula, including resource-level roles and ownership.
Scandinavian Government
ERP for vocational program as part of government safety net using organizations and custom rules.

What Oso Doesn't Do

Authentication & User Management

Oso assumes that you have a system in place for authenticating users and that you're storing user data elsewhere (e.g., in a database, hosted service). You can use user information as parameters in rules, but Oso is not a substitute for something like AWS Cognito or Firebase Authentication.

Infrastructure Authorization

While you can express your infrastructure policies using Oso, you'd need to build your own access gateway, proxy, or integration points to enforce them. This is possible but not documented. For this reason, you shouldn't view Oso as a replacement for things like AWS IAM or VPN tunnels.