What is ABAC?
Attribute-based access control (ABAC) is an access control model that grants or denies access to resources based on attributes assigned to users, resources, or environmental conditions.
In an ABAC model, attributes can be any type of information that can be used to describe a user, such as their role, department, location, or any other relevant contextual indicators. Similarly, attributes can also be assigned to resources, such as file types, folder names, or data classifications.
ABAC uses policies to define rules for granting or denying access based on attribute values. For example, a policy may grant access to a specific file only to users with a certain role and department attribute value. Policies can be written in a variety of formats, including XACML, JSON, and YAML.
ABAC is generally considered to be more flexible than the older role-based access control (RBAC) method where access to resources is based on a user’s role within an organization. Read our blog post on RBAC vs. ABAC vs. NGAC for more information.