Every engineering team needs to build authorization into its app. One of the most common authorization models to reach for is roles. We've written about this model in Authorization Academy and a variety of other blog posts, and now we're shipping it as part of the library itself, starting with sqlalchemy-oso, in early access.
The new library (which extends the core Oso library) gives you a standard interface for configuration, data modeling and enforcement of role-based access control (RBAC). The upshot is that you get access to our best practices thinking on how to model roles and how to implement it in your app. It looks something like this:
In addition to the library, we've also built a sample application, called GitClub, to show common authorization use cases and patterns, and provided ample documentation for it. Here are the docs on the early access library and GitClub.
Thanks to @seanchen1991 for contributing to the Rust library!
Oso 0.12.1
Improved support for Rust enums in policies
Rust enums can be accessed in policies using the PolarClass derive macro. For example, the enum:
is referenced in Polar as:
Only unit variants are supported currently. Enums are useful for describing things like permissions or role levels in a policy. Thanks to @seanchen1991 for this contribution!
Other bug fixes and improvements
- Fixed a bug that would cause a panic on some data filtering queries involving negation.
- Fixed bug in sqlalchemy-oso causing data filtering queries to have a filtereven when one policy result was unconditionally true.
For more details on these and other changes, read the changelog.
If you ever have questions, we're available to talk to you about how to get from one version to the next, or to discuss anything you'd like about the product, your use case, or authorization more generally – join us on Slack.