Attribute-Based Access Control (ABAC)

An access control method that evaluates attributes (user, resource, environment) against policies to make authorization decisions, enabling fine-grained access control.

Also known as: ABAC, Attribute Based Access Control

What is Attribute-Based Access Control?

Attribute-Based Access Control (ABAC) is an authorization model that evaluates attributes (or characteristics) rather than roles to determine access. It considers attributes of the user, resource, action, and environment to make fine-grained access decisions.

Attribute Categories

Subject Attributes

  • Department
  • Clearance level
  • Job title
  • Training completed

Resource Attributes

  • Classification level
  • Owner
  • Type
  • Creation date

Action Attributes

  • Read, write, delete
  • Approve, submit

Environment Attributes

  • Time of day
  • Location
  • Device type
  • Network zone

ABAC vs. RBAC

ABAC                | RBAC
Attribute-based     | Role-based
Fine-grained        | Coarse-grained
Dynamic policies    | Static assignments
Complex to manage   | Simpler to manage
Context-aware       | Position-based

Policy Example

IF subject.department == "Engineering"
AND resource.classification == "Internal"
AND action == "read"
AND environment.network == "Corporate"
THEN permit
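
The policy above as a small decision function, as an added example that is not part of the original page. The names Request, POLICIES, lookup and decide are hypothetical; the sketch assumes exact-match conditions and denies by default, including when a required attribute is missing from the request.

```python
# Added example: minimal ABAC policy decision point (all names are hypothetical).
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    subject: dict       # e.g. {"department": "Engineering"}
    resource: dict      # e.g. {"classification": "Internal"}
    action: str         # e.g. "read"
    environment: dict   # e.g. {"network": "Corporate"}

# The page's policy, expressed as attribute conditions that must ALL match.
POLICIES = [
    {
        "effect": "permit",
        "conditions": {
            "subject.department": "Engineering",
            "resource.classification": "Internal",
            "action": "read",
            "environment.network": "Corporate",
        },
    },
]

_MISSING = object()  # sentinel: never equal to any policy value

def lookup(request, path):
    """Resolve 'category.attribute' (or 'action'); return _MISSING if absent."""
    if path == "action":
        return request.action
    category, _, name = path.partition(".")
    attrs = getattr(request, category, None)
    if not isinstance(attrs, dict):
        return _MISSING
    return attrs.get(name, _MISSING)

def decide(request, policies=POLICIES):
    """Return 'permit' only if every condition of some policy matches."""
    for policy in policies:
        conditions = policy["conditions"].items()
        if all(lookup(request, path) == want for path, want in conditions):
            return policy["effect"]
    # Default deny: no policy matched, or a required attribute was missing.
    return "deny"
```
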

Benefits

  • Granular access control
  • Context-aware decisions
  • Reduced role explosion
  • Dynamic authorization
  • Compliance support