Attribute Based Access Control (ABAC)

Attribute Based Access Control, or ABAC, is a type of authorization based on attributes defined for a user.

Attributes, in conjunction with policies, can take RBAC and GBAC to the next level in terms of scalability. ABAC allows you to use the attributes of a user to create relationships between roles and groups. For example, you can imagine that as an organization scales, the complexity of access also increases. At the start, you might add a new hire to the Sales group, assigning Sales permissions, and call it a day. However, as the sales team grows, you might need different access combinations for salespeople in different regions. You could create a “region” attribute for the user. You might then create a policy like “ If the region for this user is US West, then assign them to both the Sales team and the US West Sales team.” Instead of having a person manually assign users to the correct groups, attributes and policies can be used to create and maintain relationships between entities.