[mkdirp]

As in OPA determines if a user has access to a resource? Do you have some resources on how to do this?

[ogazitt]

You do need to have a strategy for how to load the resource mappings into the OPA engine. If they don't change very much you could embed them in the data.json file of the OPA policy itself. But more often than not, that data is changed often (e.g. when someone grants someone else access to a resource). In that case, you'll need the OPA engine to query an external data store via an HTTP request. Or you can use a resource cache, the way we do at Aserto.

Here's a blog post [0] about the challenges we faced when using OPA for application authorization.

[0] https://www.aserto.com/blog/the-challenges-of-using-opa-for-...

[qbasic_forever]

OPA has a whole policy language to define how people have access to resources however you please. See details here: https://www.openpolicyagent.org/docs/latest/policy-language/