# ory-copilot
@chilly-king-10285 we are currently looking into different options to implement fine-grained authorization for our application (that currently just uses RBAC with Auth0). The most interesting options seem to be Ory, Oso and Authzed. One of the challenges we face is deciding which data should be centralized as part of the authorization service and which should only be kept locally by the application. Oso has this cool feature where you can send "facts" as part of the context of an authorization request ("Hey can this user X transfer funds from this account number Y... and btw for context: this user X is part of organization Z"). This allows for a lot of flexibility in deciding which data needs to be stored in a central location and which can be kept local and only passed to the authorization service at runtime when the information is needed for a specific decision. Question: is something similar possible with Ory?
A message from kapa.ai
Yes, Ory offers a similar level of flexibility and fine-grained control over authorization decisions. Ory Permissions, based on the open-source Ory Keto Permission Server, is a modern permission system that allows you to create a complete authorization system for your application or website, no matter the size or the complexity of the ACLs (access-control lists) your use case requires. Ory Permissions provides a flexible data model you can customize to fit a wide range of use cases. You can use the Ory Permission Language to create permission models that fit your exact use case - RBAC, ABAC, and beyond. This means you can define permissions as granular as `User:x is in readers of Document:y`, and allow permissions inheritance through groups, roles, and hierarchies. While the extracts do not explicitly mention the ability to send "facts" as part of the context of an authorization request, the flexibility of the Ory Permission Language and the ability to create custom permission models suggest that you could potentially achieve a similar level of contextual information in your authorization decisions. For more detailed information on how to implement this with Ory, you may want to refer to the [Ory Keto documentation](https://www.ory.sh/docs/keto).