Oso is what engineering teams use when they're done rolling their own permissions. It lets your application answer questions like “can this user read that document?” or “which objects can this agent manage?” by defining your authorization logic centrally, plugging in your application data, and calling the Oso API to enforce permissions across apps, RAG, and agents—available in the cloud or self-hosted.
Use Oso for fine grained access control with your ORM
For folks using FastAPI / FastMCP along with SQLAlchemy for RAG pipelines, MCP servers and agentic workflows, this integration provides fine grained access control on the ORM layer itself.
Howdy Hunters! This SQLAlchemy integration enables fine grained access control on the ORM layer to protect your data with authorization from Oso. Rather than depending on non-deterministic prompting, you can use Oso policies to ensure your users and agents can access only the data for which they are permitted.
We can't wait to see what you build.
Big fans of Oso here at Intercom, it flawlessly powers some pretty gnarly authorization requirements across our web application and APIs at large scale. I can strongly recommend Oso to companies who struggle with building out/ maintain consistent, scalable and reliable permissions systems in their applications. Migrating our authorization system to Oso has removed entire classes of bug reports and inconsistencies in our product.
Formula 1 Bingo