Manage Authorization Data

Manage Authorization Data

Oso Cloud uses data from your application to make authorization decisions. Your authorization rules declare abstract logic like anyone with the member role on an organization is allowed to view it, but it doesn't say which users have the member role on which organizations. That's where authorization data comes in, in the form of facts.

Facts are pieces of authorization data that your application sends to Oso Cloud. Facts have a name and generally 2-3 arguments. Here are some example facts:


# Alice has the "member" role on the ACME organization.
has_role(User{"Alice"}, "member", Organization{"ACME"});
# The Anvils repository's parent organization is ACME.
has_relation(Repository{"Anvils"}, "parent_organization", Organization{"ACME"});

The Oso Cloud Data Model guide contains more details about what facts are. The rest of this guide focuses on managing facts in Oso Cloud from development to production.

This section provides some guides for how to manage the data that is stored in Oso.