Oso's Blog

Articles about authorization, and other news from Oso's engineering team

More Concise Policy Tests with “iff” and wildcards

Learn how to simplify and scale your authorization tests in Oso Cloud using assert variables and the iff operator. Write fewer test cases, validate multiple permissions at once, and ensure your access control policies stay correct as they grow.

June 27, 2025 — Greg Sarjeant
Product

Oso Sync is now GA!

Oso Sync ensures your authorization data stays consistent between your app and Oso Cloud by detecting and fixing data drift caused by issues like latency or manual changes. It supports PostgreSQL, MongoDB, and CSVs for other databases, offering both reporting and automatic updates.

June 27, 2025 — Mike Cen
Product

Building an Authorized RAG Chatbot with Oso Cloud

Use Oso Cloud, OpenAI, and Supabase to build a permissions-aware RAG chatbot, so users only see context from documents they have permission to view.

July 2, 2025 — Greg Sarjeant
Product

Duolingo’s Experience Migrating to Oso for Access Control

Duolingo migrated to Oso to simplify authorization and improve developer productivity. Previously, permission changes took hours or even days—now, they take minutes. In this interview, Tom Whittaker, Senior Engineering Manager at Duolingo, shares how Oso helped them focus on core business features instead of workarounds. Watch the full story and explore real-world authorization insights from top engineering teams.

June 27, 2025 — Hazal Mestci
Customers & Ecosystem

How to build a secure LLM chatbot?

List filtering is the process of retrieving only the data a user is authorized to access, rather than fetching everything and filtering in-memory. In an LLM chatbot, this means ensuring users only see responses or documents they have permission for. Instead of checking authorization for each item one by one, which is slow at scale, Oso Cloud provides two efficient methods: centralized filtering, where the chatbot queries Oso Cloud for a list of authorized item IDs before retrieving them from the database, and local filtering, where Oso Cloud generates a database filter to apply directly in SQL, reducing unnecessary data transfers.

July 23, 2025 — Hazal Mestci
Best Practices

Feature or Product?: Vector Databases

Accordingly, vector databases were positioned to be the next "it" category of data storage—following previous waves that targeted search (e.g. Elastic), unstructured data (e.g. MongoDB), and analytical data (e.g. ClickHouse). Today, however, it’s unclear if vector databases will remain a standalone category. A vector database is more of a conduit for language models—the models do the heavy lifting, handling vectorizations (i.e. creating embeddings) and re-ranking. Accordingly, the database depends on these models to carry out vector search. This raises the question: are vector databases actually an independent category, or is vector search just a need-to-have feature of today’s databases?

June 27, 2025 — Graham Neray
Customers & Ecosystem

Building a Team That's Never Sink-ing

Oso’s team offsite at Hemlock Neversink was all about bonding, strategy, and fun—goat hikes, team workshops, and even casino lessons in access control. We returned recharged, motivated, and stronger than ever. Want to join us next time? We’re hiring!

June 27, 2025 — Hazal Mestci
Internals

Hey Database, What am I Authorized to See?

List filtering is the process of retrieving only the data a user is authorized to access, rather than fetching everything and filtering in-memory. In an LLM chatbot, this means ensuring users only see responses or documents they have permission for. Instead of checking authorization for each item one by one, which is slow at scale, Oso Cloud provides two efficient methods: centralized filtering, where the chatbot queries Oso Cloud for a list of authorized item IDs before retrieving them from the database, and local filtering, where Oso Cloud generates a database filter to apply directly in SQL, reducing unnecessary data transfers.

June 27, 2025 — Hazal Mestci
Best Practices

O’Reilly SuperStream: Retrieval-Augmented Generation in Production

Join our upcoming O’Reilly SuperStream: Retrieval-Augmented Generation (RAG) in Production.

June 27, 2025 — Hazal Mestci
Best Practices

Webinar: Fine-Grained Authorization in Python

We just led a webinar on Fine-Grained Authorization in Python. Watch to learn more about whether it is the best approach to secure your application permissions.

June 27, 2025 — Hazal Mestci
Best Practices

Oso Bear of the Month - Evan Ziebart

Evan Ziebart, Software Engineer at Duolingo, takes us through their journey from a home-grown solution to moving to Oso and hugely simplifying their process for managing user permissions.

June 27, 2025 — Stephie Glaser
Customers & Ecosystem

The Hidden Complexity of CRM Authorization

Find out the hidden complexities of CRM authorization and learn how to do recursive authorization with Oso.

June 27, 2025 — Sean Loiselle
Product

Use Oso to Help Your Customers Share Anything: Documents, Drawings, Data

Master resource-specific roles with Oso. Learn to build scalable permissions like those in Google Docs, GitHub, and Figma, using Polar examples for flexible authorization.

June 27, 2025 — Sean Loiselle
Product

Implementing Fine-Grained Access Control in EMR Systems with Oso

How Oso provides EMR apps with the flexibility they need.

June 27, 2025 — Sean Loiselle
Product

Local Authorization Enhancements: What’s New and Why It Matters

The updates to Oso’s Local Authorization in the V2 SDKs make it easier to build flexible authorization workflows.

June 27, 2025 — Jordan Killpack
Product

Fallback Is Now GA

Fallback ensures your app remains up and operational, even in the case of an unexpected Oso Cloud outage.

June 27, 2025 — Shaun Verch
Product

Webinar: How Google Handles Authorization at Scale

We just led a webinar on How Google Handles Authorization at Scale. Watch to learn more about whether it is the best approach to secure your application permissions.

June 27, 2025 — Hazal Mestci
Best Practices

Google Zanzibar Isn't Flexible

ReBAC - especially Google Zanzibar's implementation of it - is the wrong abstraction for authorization.

July 23, 2025 — Greg Sarjeant
Customers & Ecosystem

Announcing our new Python Client

Simplified fact management and powerful query builder APIs - and much more!

June 27, 2025 — Hazal Mestci
Product

Announcing our new Go Client

Simplified fact management and powerful query builder APIs - and much more!

June 27, 2025 — Hazal Mestci
Product

Is the TypeScript vs JavaScript war dumb or relevant?

A look into the pros and cons of using TypeScript versus JavaScript, plus some thoughts on why there is so much drama around them lately.

June 27, 2025 — Vijay Ramamurthy
Best Practices

Documentation So Good, You Can Take It to Prod

A new set of reference material to help users take Oso into prod.

June 27, 2025 — Sean Loiselle
Best Practices

Oso Bear of the Month - Ashwyn Nair

Ashwyn Nair, Senior Software Engineer at Sensat, dives into how Oso has helped them create a safe space for their users to have full control over who can access their data.

June 27, 2025 —
Customers & Ecosystem

Announcing our new Node.js Client

Generate TypeScript types from your Polar policy - and much more!

June 27, 2025 — Vijay Ramamurthy
Product

Polar LSP: A Little Help with the Rules

Polar now has its own language server implementation, making it easier to write your authentication policies.

June 27, 2025 — Jordan Killpack & Sean Loiselle
Product