Product
Express your policy as code in a single place, making it easy to write, test, debug and audit even the most complex authorization logic.
POLICY AS CODE
Use a structured interface for expressing authorization with extensible building blocks, while keeping the flexibility to define whatever logic you need for your use case.
VISUALIZE
Explore the users, endpoints and every other element of your policy visually to reason about complex relationships, inform design decisions, and debug issues.
TEST & REVIEW
Write tests over your policy using frameworks like pytest or JUnit, and incorporate it into your security review process.
AUDIT
Get an audit trail of every request and permission change in your application, including output showing why requests were authorized or rejected.
Use Cases
Roles & Permissions
Add roles, groups, attributes, and user-configurable permissions to support the enterprise-grade features your customers ask for.
Custom Policies
Give your customers the ability to write custom rules and policies for your application – like your own version of AWS IAM.
Internal Apps
Provide fine-grained controls for your support and sales teams accessing customer data to meet compliance requirements and ensure a least-privilege security posture.
Who oso is for
-
Development teams that devote roadmap to building and maintaining access control schemes, debugging authorization issues, and scaling authorization across multiple services.
-
Security teams that want guardrails, visibility and auditing for access control without impacting developer velocity.