Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Is it possible for admins to store data on users but not allow the user to update that data?

I think you are looking for this feature:
<https://github.com/ory/kratos/issues/117>

No, I don't want it immutable. What I'd like to do is have an admin configure some data on users. We use OPA for authz, which isn't the most user friendly experience for admins. I'd like to set an initial OPA policy that says something like "allow any user to do X when the user's foo == bar" and where "foo" is data from Kratos.

That way we can create a GUI for admins to store key value pairs in Kratos for user related info and have it affect authz.

What about this feature: <https://github.com/ory/kratos/issues/47>

That sounds exactly like what I'm looking for.