Build Role-Based Access Control

When managing access to resources within an application, it can be useful to group permissions into roles, and assign these roles to users. This is known as Role-Based Access Control (RBAC). The Oso Roles feature provides a configuration-based approach to adding role-based access control to your application.

The roles feature includes:

  • Role configuration - Declarative configuration for roles and permissions for each resource. The roles configuration supports multi-tenancy, resource-specific roles, and hierarchical roles. Groups and custom roles are coming soon.
  • Enforcement - Enforce authorization consistently throughout your application routing and data access layers.
  • Last-mile customizations - Extend authorization logic for each resource by writing custom policies using Polar, Oso’s declarative policy language.
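The role model described above (permissions grouped into roles, resource-specific and hierarchical roles, tenant scoping), as an added plain-Python sketch. It is not Oso's API or Polar syntax; `ROLE_CONFIG`, `expand`, `is_allowed` and the sample org, repo and user names are hypothetical.

```python
# Added illustration, not Oso code: every name below is hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Resource:
    kind: str                             # "org" or "repo"
    name: str
    parent: Optional["Resource"] = None   # a repo belongs to one org (its tenant)

# Declarative configuration per resource type. "implies" models hierarchy:
# a bare name is a role on the same type, "kind:role" is a role on child resources.
ROLE_CONFIG = {
    "org": {
        "owner":  {"permissions": {"invite", "delete"}, "implies": {"member", "repo:admin"}},
        "member": {"permissions": {"read"}, "implies": {"repo:reader"}},
    },
    "repo": {
        "admin":  {"permissions": {"push", "delete"}, "implies": {"reader"}},
        "reader": {"permissions": {"read"}, "implies": set()},
    },
}

def expand(kind, role):
    """Return every (kind, role) pair implied by holding `role` on a `kind` resource."""
    seen, stack = set(), [(kind, role)]
    while stack:
        k, r = stack.pop()
        if (k, r) in seen or r not in ROLE_CONFIG.get(k, {}):
            continue                      # unknown roles grant nothing
        seen.add((k, r))
        for implied in ROLE_CONFIG[k][r]["implies"]:
            ik, _, ir = implied.rpartition(":")
            stack.append((ik or k, ir))
    return seen

def is_allowed(assignments, user, action, resource):
    """Deny by default; allow only if a role on the resource or an ancestor grants `action`."""
    node = resource
    while node is not None:
        for role in assignments.get((user, node), ()):
            for k, r in expand(node.kind, role):
                if k == resource.kind and action in ROLE_CONFIG[k][r]["permissions"]:
                    return True
        node = node.parent
    return False

# Constructed sample data: two tenants and role assignments scoped to one of them.
ACME, GLOBEX = Resource("org", "acme"), Resource("org", "globex")
ASSIGNMENTS = {("alice", ACME): {"owner"}, ("bob", ACME): {"member"}}
```

Because assignments are keyed by the specific resource, a role held in one organization never reaches another organization's repositories.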


If you are using SQLAlchemy to manage your application data, you can use the Oso Roles for SQLAlchemy feature in the sqlalchemy-oso framework integration to additionally handle:

  • Data management - Manage user role assignments in your database, linking with your resource data.
  • End-user configuration - Expose authorization configuration to end users using Oso’s role data API.

Check out the library documentation for SQLAlchemy.

Get started

Continue on to the getting started guide to see how to add Oso Roles to a Python application.
