Use Cases

Who Uses Oso

Developers from startups to the Fortune 500 use Oso to build authorization into their apps.

Developers choose Oso for application authorization because:

  • Modeling - Oso comes with built-in primitives for roles (RBAC), relationships (ReBAC), plus unbound flexibility for attributes (ABAC) and other conditions using our declarative policy language, Polar.
  • Enforcement - Oso provides APIs for checking at the request or resource level, checking resources in batch, or getting all the permissions a user has.
  • Architecture - Oso comes as a fully-managed cloud service with low-latency and high uptime. It's also available as an open source library for those who need it.

“Oso is excellent and well worth taking a look at. The rollout at Intercom has been very slick."

Brian Scanlan
Principal Engineer, Intercom

Common Use Cases

Role-Based Access Control
Give users a repeatable set of permissions – called roles – based on where they sit in the org or project, their function, or whatever criteria make sense for your app.
Learn how to use RBAC
Get a single place to store and share authorization data cross microservices.
Read about patterns in microservices authorization
Custom Roles
Let your users create their own roles based on their requirements.
Learn about custom roles
Data Filtering
Rather than answering the question "Can this user access this resource, yes or no?" answer the question "Show me all the things (e.g., rows, resources) that this user can access."
Read the data filtering guide
Get started with a simple way to group users by organization (or tenant), and give users access to organization-wide resources. E.g., Everyone in a given company can access that company's files.
Get the policy for organizations
Organize permissions based on groupings of users or resources.
E.g., Provide access to different folders based on what team a user belongs to.
Get the policy for groups
Ownership & Sharing
Let users access and modify any resource that they created. E.g., A user can read and edit her own documents.
Get the policy for ownership and sharing
Files & Folders
Configure access at the resource level. E.g., Mark a specific file as private so no one can read it except admins.

Get the policy for files and folders
UI Authorization
Let your users invite others to organizations, or share granular access to specific resources.
Learn about authorization in the UI
If you're interested in learning about authorization fundamentals, look at the technical guides in Authorization Academy.

Who ♥️ Oso

Role-based access control using resource-level roles for its ML Model Performance Management product.
Hear from the developer
Role-based access control for conversational marketing platform. Migration from legacy system.
First Resonance
Global roles to comply with ITAR regulations and upsell enterprise customers.
Microservices authorization for International Supply Chain application.
Hear from Wayfair Engineering
Customer dashboard for managing subscriptions using resource-level roles and attributes pulled off tokens.
Hear from the founder
Pre-built roles, as well as the ability to build custom roles and write custom rules for a certificate authority.
Hear from the developer
Authorization for content creation platform for online curricula, including resource-level roles and ownership.
Hear from the founder
Scandinavian Government
ERP for vocational program as part of government safety net using organizations and custom rules.

What Oso Doesn't Do

Authentication & User Management

Oso assumes that you have a system in place for authenticating users and that you're storing user data elsewhere (e.g., in a database, hosted service). You can use user information as parameters in rules, but Oso is not a substitute for something like AWS Cognito or Firebase Authentication.

Infrastructure Authorization

While you can express your infrastructure policies using Oso, you'd need to build your own access gateway, proxy, or integration points to enforce them. This is possible but not documented. For this reason, you shouldn't view Oso as a replacement for things like AWS IAM or VPN tunnels.

Get started building.