
Oso Bear of the Month - Ashwyn Nair

Ashwyn Nair, Senior Software Engineer at Sensat

Oso Bear of the Month is a series of interviews with developers in our community to connect and learn more about their authorization journey. For this month's feature, we sat down with Ashwyn Nair, Senior Software Engineer at Sensat.

What is your authorization story? Share a bit on how you used Oso to solve for it.

Our visualisation software for infrastructure teams brings 2D and 3D data to life by presenting them in a real-world context. We power over $200bn worth of infrastructure projects globally, enabling teams to spot risks early and meet critical deadlines. As a result, we invest a lot of our time into creating a “safe collaborative” space for our users, ensuring they have full control over who can access their data. Our motivation to revamp our authorisation system stemmed from three places:

  1. Security and data privacy: We are deeply committed to safeguarding our customers’ data, which led us to simplify our system, ensuring that users can only access the information intended for them at all times.
  2. Fine-grained control for users: We want to provide our users with fine-grained control over their data, allowing them to determine what to share, with whom, and how much access to grant.
  3. Deeper authorisation insights: Beyond simply determining “what can I access?” and “what permissions do I have?”, we needed to address other questions like “who else can access this?” and “why do they have access?”.

After exploring several options, we chose Oso for a few reasons. As a small team, we appreciated:

  • The Polar language, which allows us to express complex authorisation rules involving numerous relationships and attributes with ease.
  • The extensive APIs, which helped us answer intricate questions effortlessly, such as “who has access to this list of resources and what roles do they have?” or “what permissions does User X have on this list of resources?”
  • The Oso team’s deep knowledge, commitment to understanding our needs and eagerness to continuously improve the product. This gave us confidence we were in capable hands.

What is one recommendation you would offer to someone doing authorization for the first time?

First, understand your short and long-term authorisation requirements and strive for simplicity. If your needs are relatively straightforward, complex software might not be necessary. However, once your requirements become more intricate, you’ll likely need a more sophisticated system to maintain simplicity.

For us, that threshold was reached when we began managing numerous permissions dependent on multiple relationships and attributes, and needing to provide “deeper authorisation insights”, which I mentioned earlier.

Since using Oso, what's a new thing you have been able to accomplish?

We’re pretty close to giving our users fine-grained control over their data, whilst ensuring our code is maintainable and easy to reason about!

How do you think you have most benefited by using Oso?

Being able to state “A user should have Permission X on Resource Y when A, B, C are true” with a simple logical expression, and then query against the expression from multiple angles to answer different authorisation questions is tremendously valuable to us.

Anything additional you want to share about Oso, authorization, your experience?

I’ve absolutely loved working with the Oso team. They’re always willing to answer any questions or debug any issues that have arisen along the way promptly. It’s helped us a lot to have access to their knowledge in this area, in addition to being able to use their offering.

If you had a magic wand, what is one thing you would add or change in Oso?

I would love to see Oso take their auditability features to the next level. Being able to answer questions like “why did/didn’t this person have access to this resource at this point in time” would be valuable to both developers and users.

Thank you so much!

If you enjoyed this interview, we encourage you to share it and tag @osohq. We'd also love to hear from you on how your authorization journey is going. Join us and thousands of developers on Slack!
