⭐ Attribute-Based Access Control (ABAC)
ABAC extends RBAC by introducing attributes as the basis for access control decisions, allowing more dynamic and granular access management. Instead of relying solely on predefined roles, ABAC uses the attributes of users, resources, and the environment to determine access rights.
Key Components
1. Attributes:
   - User Attributes: e.g., Department, Job Title, Clearance Level.
   - Resource Attributes: e.g., File Type, Data Sensitivity.
   - Environmental Attributes: e.g., Time of Access, Device Used, Location.
2. Policies: Define rules based on attributes, often written in formats like JSON or XML.
Example Policy
| Condition | Access Allowed |
|-------------------------------------------|----------------------------|
| Department = "HR" AND File Type = "PDF" | View or Download Only |
| Clearance Level = "High" AND Time = "9:00 AM - 6:00 PM" | Read, Write, Delete |
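
The two rows of the table above, evaluated as a default-deny attribute check. This is an added example, not code from the original page; the attribute key names (`user.department`, `env.time`, and so on), the lowercase action names, and the inclusive treatment of both ends of the time window are assumptions.

```python
from datetime import time

# Constructed policy set mirroring the two rows of the example table.
# Key names and the (start, end) tuple form for time windows are assumptions.
POLICIES = [
    {"when": {"user.department": "HR", "resource.file_type": "PDF"},
     "allow": {"view", "download"}},
    {"when": {"user.clearance": "High", "env.time": ("09:00", "18:00")},
     "allow": {"read", "write", "delete"}},
]


def _matches(expected, actual):
    """Compare one policy condition against one supplied attribute."""
    if actual is None:
        return False  # a missing attribute never satisfies a condition
    if isinstance(expected, tuple):  # time window condition
        if not isinstance(actual, time):
            return False  # malformed time attribute: fail closed
        start, end = (time.fromisoformat(t) for t in expected)
        return start <= actual <= end  # both ends inclusive (assumption)
    return expected == actual


def permitted_actions(attrs):
    """Union of actions from every policy whose conditions ALL match."""
    allowed = set()
    for policy in POLICIES:
        if all(_matches(v, attrs.get(k)) for k, v in policy["when"].items()):
            allowed |= policy["allow"]
    return allowed  # empty set means default deny


def is_allowed(attrs, action):
    return action in permitted_actions(attrs)


if __name__ == "__main__":
    # Constructed request: HR user opening a PDF outside business hours.
    request = {"user.department": "HR", "resource.file_type": "PDF",
               "env.time": time(22, 0)}
    print(sorted(permitted_actions(request)))
    print(is_allowed(request, "delete"))
```

A request that omits an attribute, or supplies it in the wrong type, matches no rule that depends on it, so the decision falls back to deny rather than to the broadest rule.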
💡 Benefits:
- Flexibility: Adapts to complex requirements.
- Granularity: Offers fine-tuned control over resources.
- Dynamic Security: Responds to real-time conditions like location or device type.
💡 Use Case:
ABAC is ideal for systems that require context-sensitive decisions, such as granting access to sensitive financial data only during business hours or limiting operations based on device security.