Authorization that takes you upmarket
Get enterprise-grade RBAC so you can land bigger customers – without redoing your application architecture.
Loved by Platform Engineering Teams
What is Oso?
- Oso is authorization as a service, like LaunchDarkly is feature flags as a service or Auth0 is authentication as a service
- Oso exposes an API that can answer any permissions question, like:
- Can user X perform action Y on resource Z?
- Which resources can user P perform action Q on?
- Why did user X get access to resource Y?
Local authorization
Authorization over your data in Postgres
High availability
Runs in 20+ regions for 99.99% uptime
Performance
<10 ms latency and up to 1M reads/sec
Extensible
RBAC, ReBAC, and ABAC
RBAC, ReBAC, and ABAC
Deterministic
Testable, debuggable, observable
Testable, debuggable, observable
Run anywhere
Cloud, hybrid, or on-prem
Cloud, hybrid, or on-prem
Built in 🦀 Rust, hardened by thousands of engineering teams
Why Oso?
- The only authorization service that doesn’t force you to rethink your application architecture, enabling you to ship basic RBAC, fine-grained permissions, and custom roles in weeks
- No syncing required – Oso authorizes locally using your existing database
- Roll out Oso incrementally across your services and apps
- When needed, you can centralize shared permissions data in Oso Cloud
How Oso works
- Write your authorization rules in Polar, Oso’s DSL for authorization
- Tell Oso about your database schema
- Call the Oso API to ask any authorization question
- Oso generates SQL filters, which you run locally against your database and, optionally, shared permissions data in Oso Cloud
Why authorization as a service?
- Ship changes fast and reduce errors by decoupling authorization code from business logic
- Ensure security and correctness
- Eliminate duplicate effort by having a shared capability across teams, like authentication or feature flags
- Transition to microservices successfully