Resource Sharing

Grant access on a resource to a specific person.

To achieve this, we'll define roles on that resource. We'll often also want to use roles to control who is allowed to share a resource.

Oso Policy


actor User { }
resource Repository {
  roles = ["reader", "admin"];
  permissions = ["read", "invite"];
  "read" if "reader";
  "invite" if "admin";
}
test "admin can invite readers" {
  setup {
    has_role(User{"alice"}, "admin", Repository{"anvil"});
    has_role(User{"bob"}, "reader", Repository{"anvil"});
  }
  assert allow(User{"alice"}, "invite", Repository{"anvil"});
  assert allow(User{"bob"}, "read", Repository{"anvil"});
}

Custom Roles