ABAC

Attribute-Based Access Control

ABAC stands for Attribute-Based Access Control. It is an access control model that determines access permissions based on attributes associated with users, resources, and the current context. In ABAC, policies are defined using attributes, and access decisions are made by evaluating these attributes against the conditions specified in the policies.

Key components of ABAC include:

  1. Attributes: Properties associated with entities such as users, resources, and the context (environment). These attributes can include user roles, department, time of day, location, relationships with other users, and other relevant factors.

  2. Rules: Rules in ABAC define the conditions under which access to resources is allowed or denied. These rules are expressed using attributes and relations. For example, a policy might state that only users with the role “Manager” are allowed to access a certain type of document.

  3. Access Requests: When a user attempts to access a resource, an access request is made. This request includes the user’s attributes, the resource’s attributes, and any other relevant contextual information.

  4. Policy Evaluation: The PDP (Policy Decision Point) evaluates the access request against the defined policies. The decision to grant or deny access is based on whether the attributes in the request match the conditions specified in the rules.

ABAC is known for its flexibility and granularity in access control. It allows organizations to define fine-grained authorizations.
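The four components above, as a small policy decision point. This is an added example, not code from any particular ABAC product; the attribute names (`role`, `department`, `type`, `hour`), the rule names, and the deny-by-default, deny-overrides combining behaviour are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    subject: dict   # user attributes
    resource: dict  # resource attributes
    action: str
    context: dict   # environment attributes

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str  # "allow" or "deny"
    condition: Callable[[Request], bool]

# Constructed sample policy (attribute and rule names are assumptions).
RULES = [
    Rule("managers-read-own-department-reports", "allow",
         lambda r: r.action == "read"
         and r.resource["type"] == "report"
         and r.subject["role"] == "Manager"
         and r.subject["department"] == r.resource["department"]),
    Rule("deny-outside-business-hours", "deny",
         lambda r: not 8 <= r.context["hour"] < 18),
]

def decide(rules, req):
    """Return (decision, reason). Deny by default; deny overrides allow."""
    allowed_by = None
    for rule in rules:
        try:
            matched = rule.condition(req)
        except KeyError:
            # A required attribute is missing from the request. Fail closed:
            # an unevaluable deny rule denies, an unevaluable allow rule
            # simply does not grant.
            matched = rule.effect == "deny"
        if matched and rule.effect == "deny":
            return "deny", rule.name
        if matched and allowed_by is None:
            allowed_by = rule.name
    return ("allow", allowed_by) if allowed_by else ("deny", "default-deny")

if __name__ == "__main__":
    manager = {"role": "Manager", "department": "finance"}
    report = {"type": "report", "department": "finance"}
    print(decide(RULES, Request(manager, report, "read", {"hour": 10})))
    print(decide(RULES, Request(manager, report, "read", {"hour": 22})))
```

Returning the name of the rule that produced the decision gives the enforcement point something to log, which makes denied requests auditable.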
