Authorization that takes you upmarket

Get enterprise-grade RBAC so you can land bigger customers – without redoing your application architecture.

Loved by Platform Engineering Teams

What is Oso?

  • Oso is authorization as a service, like LaunchDarkly is feature flags as a service or Auth0 is authentication as a service
  • Oso exposes an API that can answer any permissions question, like:
    • Can user X perform action Y on resource Z?
    • Which resources can user P perform action Q on?
    • Why did user X get access to resource Y?

Local authorization
Authorization over your data in Postgres

High availability
Runs in 20+ regions for 99.99% uptime

Performance
<10 ms latency and up to 1M reads/sec

Extensible
RBAC, ReBAC, and ABAC
Deterministic
Testable, debuggable, observable
Run anywhere
‍‍
Cloud, hybrid, or on-prem
Built in 🦀 Rust, hardened by thousands of engineering teams

Why Oso?

  • The only authorization service that doesn’t force you to rethink your application architecture, enabling you to ship basic RBAC, fine-grained permissions, and custom roles in weeks
  • No syncing required – Oso authorizes locally using your existing database
  • Roll out Oso incrementally across your services and apps
  • When needed, you can centralize shared permissions data in Oso Cloud

How Oso works

  • Write your authorization rules in Polar, Oso’s DSL for authorization
  • Tell Oso about your database schema
  • Call the Oso API to ask any authorization question
  • Oso generates SQL filters, which you run locally against your database and, optionally, shared permissions data in Oso Cloud

Why authorization as a service?

  • Ship changes fast and reduce errors by decoupling authorization code from business logic
  • Ensure security and correctness
  • Eliminate duplicate effort by having a shared capability across teams, like authentication or feature flags
  • Transition to microservices successfully

Learn authorization best practices

Read a series of technical guides that explains how to build authorization into your app, including architecture, modeling patterns, enforcement, and more — whether you use Oso or not.
Read Authorization Academy

Loved by Developers

“I'm sold on this way ahead for the known future. Oso has nailed the abstractions. That’s the hardest part to get right, and the hardest part to change later.”

Will Flynt
Principal Engineer, Amazon

“We needed to manage authorization across all of our new microservices. The answer was the Oso authorization framework."

Nicholas Matison
Senior Engineer, Wayfair

“Oso is A+. As we moved upmarket, being able to implement authz consistently and accurately helped us move faster and resolved a never-ending source of bugs.”

Brian Scanlan
Engineer, Intercom

“It used to take us months to add new roles. With Oso we cut that time 10x. The Oso team has also been very helpful, making our migration super smooth.”

Derick Matamoros
Lead Engineer, Oyster HR

“We reviewed multiple solutions – Oso came out on top for its devex, scalable and consistent performance, and the flexibility to match all our needs.”

Jiří Brunclík,
VP Engineering, Productboard

“The ability to do authorization queries over data in our existing database reduces architectural complexity and is a big technical win for us."

Anthony Cristiano
Staff Software Engineer, Headway

“Oso has been huge for us. It has the most intuitive model. It’s the most mature, and has the best tooling and docs. And the support has been unreal.”

Raven Jiang
CTO, Arc

“We assessed many options (including building in-house) and we chose Oso for its local/cloud architecture, 99.99% uptime, and in-depth domain knowledge."

Guhan Venguswamy
Head of Platform Engineering, Jasper.ai

“Oso was the fastest path to building roles and has been incredible – easy to wrap our heads around, great docs, and makes life much simpler.”

KC Chintalapati
Engineer, Fiddler

Let's see some code.