Modeling in Polar
Role-Based Access Control (RBAC)
Resource Sharing

Resource Sharing

Grant access on a resource to a specific person.

To achieve this, we'll define roles on that resource. We'll often also want to use roles to control who is allowed to share a resource.

Oso Policy

actor User { }

resource Repository {
roles = ["reader", "admin"];
permissions = ["read", "invite"];

"read" if "reader";
"invite" if "admin";
}

test "admin can invite readers" {
setup {
has_role(User{"alice"}, "admin", Repository{"anvil"});
has_role(User{"bob"}, "reader", Repository{"anvil"});
}

assert allow(User{"alice"}, "invite", Repository{"anvil"});
assert allow(User{"bob"}, "read", Repository{"anvil"});
}
Custom Roles