Attribute-Based Access Control, or ABAC, is a type of authorization in which access decisions are made by evaluating attributes of the user (such as department or clearance), of the resource (such as owner or sensitivity), and of the request itself against a policy, rather than by a fixed role assignment.
Birthright access is a type of access management that automatically grants users a baseline set of resources, systems, and applications when they join an organization, based on their role, department, or job title, without a separate request for each one.
Reserved for emergencies, breakglass access allows authorized employees to bypass normal access controls to gain immediate access to critical systems. Because it sidesteps the usual approval path, each use should be time-limited, logged, and reviewed afterwards.
Context based access management uses contextual information, such as location, time, device type, and user behavior, to determine whether to grant access to a resource or not.
Group Based Access Control, or GBAC, is a form of authorization based on groups defined for a user.
Identity governance and administration (IGA) is the process of managing user identities and their permissions across an organization over the whole identity lifecycle: provisioning access when a user joins, adjusting it when their role changes, periodically certifying that existing access is still appropriate, and deprovisioning it when they leave.
Just-in-time access (JIT access) allows users to gain access to resources on an as-needed basis, for a limited time, and only for the specific task or function they need to perform.
Least privilege is a principle in access management that states that users should be granted only the minimum level of access required to perform their job functions or tasks. This limits user access to resources and reduces the risk of accidental or intentional misuse or exposure of sensitive data.
On-call access management is about applying the principle of least privilege during on-call schedules, ensuring that the right people have the right level of access for the right amount of time, and that the access is removed when the shift ends.
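The just-in-time, on-call and breakglass entries above describe grants that are scoped to one task, expire on their own, and are always attributable. The following is an added example of such a grant store, written for this page rather than taken from it; the subject and resource names, the four-hour and one-hour TTL caps, the approver rules and the timestamps are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Added illustration, not code from the original page. Names, TTL caps and
# approver rules are assumptions chosen for the example.


@dataclass
class Grant:
    subject: str
    resource: str
    permission: str
    granted_at: datetime
    expires_at: datetime
    reason: str
    approved_by: Optional[str]
    breakglass: bool = False


class JITAccessManager:
    """Time-bounded, task-scoped grants that are revoked automatically on expiry."""

    def __init__(self, max_ttl=timedelta(hours=4), breakglass_ttl=timedelta(hours=1)):
        self.max_ttl = max_ttl                # assumed policy cap for approved requests
        self.breakglass_ttl = breakglass_ttl  # assumed hard cap for the emergency path
        self.grants = []
        self.audit_log = []

    def request(self, subject, resource, permission, ttl, reason, now,
                approved_by=None, breakglass=False):
        if not reason:
            raise ValueError("a reason (ticket or incident id) is required")
        if breakglass:
            # Emergency path: no wait for an approver, but a short hard cap and a loud audit entry.
            ttl = min(ttl, self.breakglass_ttl)
        else:
            if approved_by is None:
                raise PermissionError("approval required for non-emergency access")
            if approved_by == subject:
                raise PermissionError("self-approval is not allowed")
            if ttl > self.max_ttl:
                raise ValueError("ttl exceeds the policy maximum")
        grant = Grant(subject, resource, permission, now, now + ttl, reason, approved_by, breakglass)
        self.grants.append(grant)
        self.audit_log.append({"event": "BREAKGLASS" if breakglass else "grant", "subject": subject,
                               "resource": resource, "permission": permission, "reason": reason,
                               "approved_by": approved_by, "expires_at": grant.expires_at.isoformat()})
        return grant

    def revoke_expired(self, now):
        """Drop expired grants and record each revocation; returns how many were revoked."""
        expired = [g for g in self.grants if g.expires_at <= now]
        for g in expired:
            self.audit_log.append({"event": "auto-revoke", "subject": g.subject,
                                   "resource": g.resource, "permission": g.permission})
        self.grants = [g for g in self.grants if g.expires_at > now]
        return len(expired)

    def check(self, subject, resource, permission, now):
        """Authorization check: true only while an unexpired grant matches subject, resource and verb exactly."""
        self.revoke_expired(now)
        return any(g.subject == subject and g.resource == resource and g.permission == permission
                   for g in self.grants)


def on_call_scenario():
    """Walk one constructed on-call shift and return the decisions made along the way."""
    t0 = datetime(2024, 3, 1, 2, 0, tzinfo=timezone.utc)  # constructed timestamp
    mgr = JITAccessManager()
    mgr.request("oncall-eng", "prod-db", "query", timedelta(hours=2),
                "INC-1042 latency triage", t0, approved_by="oncall-lead")
    # Emergency grant asks for three hours but is capped to the breakglass TTL.
    bg = mgr.request("oncall-eng", "prod-db", "admin", timedelta(hours=3),
                     "INC-1043 outage", t0, breakglass=True)
    rejected = []
    for kwargs in ({"approved_by": None}, {"approved_by": "oncall-eng"},
                   {"approved_by": "oncall-lead", "ttl": timedelta(hours=8)}):
        params = {"ttl": timedelta(hours=1), **kwargs}
        try:
            mgr.request("oncall-eng", "prod-db", "query", params["ttl"], "INC-1044", t0,
                        approved_by=params["approved_by"])
        except (PermissionError, ValueError) as exc:
            rejected.append(type(exc).__name__)
    return {
        "during_shift": mgr.check("oncall-eng", "prod-db", "query", t0 + timedelta(hours=1)),
        "wrong_verb": mgr.check("oncall-eng", "prod-db", "write", t0 + timedelta(hours=1)),
        "breakglass_ttl_hours": (bg.expires_at - bg.granted_at).total_seconds() / 3600,
        "after_expiry": mgr.check("oncall-eng", "prod-db", "query", t0 + timedelta(hours=3)),
        "rejected": rejected,
        "audit_events": [e["event"] for e in mgr.audit_log],
    }


if __name__ == "__main__":
    for k, v in on_call_scenario().items():
        print(f"{k}: {v}")
```

The check re-runs expiry before answering, so a grant that was valid an hour ago is denied three hours later with no separate revocation job, and the audit log records the grant, the breakglass use and the automatic revocations in order.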
Permissions are the atomic building block of access. In a subject-object-verb structure of access, permissions are the verb of access.
Privileged access management (PAM) is the process of managing and monitoring access to critical systems and resources by privileged users, such as system administrators.
A resource is a fundamental part of the access vocabulary. In a subject-object-verb structure of access, a resource is the object being accessed.
Role-Based Access Control, or RBAC, is a type of authorization based on roles assigned to a user; permissions are attached to roles rather than directly to individual users, so access is changed by adding or removing a role.
A role is simply a collection of permissions. If a user assumes a role, they can take any of the actions associated with those permissions.
SAML (Security Assertion Markup Language) is primarily used for single sign-on (SSO) authentication between applications or systems. It is an XML-based standard for exchanging authentication and authorization data between an identity provider (such as Okta or Azure AD) and a service provider (such as AWS or Salesforce).
SCIM (System for Cross-domain Identity Management) is a standard for automating user provisioning and deprovisioning. It is used to manage user identities across multiple systems and domains, ensuring that user data is consistent across different platforms and that an account disabled at the identity provider is disabled downstream as well.
Session-based access management is a form of access control that grants temporary access to users for a specific session, instead of providing permanent access through static credentials.
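The consistency that SCIM provisioning is meant to guarantee comes down to a reconciliation: compare the identity provider's view of users with the application's view and emit the SCIM operations that close the gap, including deactivating accounts the provider no longer vouches for. The following is an added example of that reconciliation, not code from the original page; the user records and application ids are constructed, and the `/Users` paths and schema URNs follow RFC 7643 and RFC 7644.

```python
import json

# Added illustration, not code from the original page. The user records and
# application ids below are constructed sample data.

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"       # RFC 7643 core User schema
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"   # RFC 7644 PATCH message

# Identity provider: the source of truth. carol has been offboarded there.
IDP_USERS = [
    {"userName": "alice@example.com", "active": True, "name": {"givenName": "Alice", "familyName": "Ng"}},
    {"userName": "bob@example.com", "active": True, "name": {"givenName": "Bob", "familyName": "Ruiz"}},
    {"userName": "carol@example.com", "active": False, "name": {"givenName": "Carol", "familyName": "Diaz"}},
]

# Downstream application: carol is still active, dave exists only here.
APP_USERS = [
    {"id": "u-100", "userName": "alice@example.com", "active": True},
    {"id": "u-101", "userName": "carol@example.com", "active": True},
    {"id": "u-102", "userName": "dave@example.com", "active": True},
]


def set_active(app_id, value):
    """SCIM PATCH that flips the 'active' attribute of one application user."""
    return {"method": "PATCH", "path": f"/Users/{app_id}",
            "body": {"schemas": [SCIM_PATCH],
                     "Operations": [{"op": "replace", "path": "active", "value": value}]}}


def plan_sync(idp_users, app_users):
    """Return the ordered SCIM requests that make the application match the identity provider."""
    idp_by_name = {u["userName"]: u for u in idp_users}
    app_by_name = {u["userName"]: u for u in app_users}
    ops = []
    for name, src in idp_by_name.items():
        tgt = app_by_name.get(name)
        if tgt is None:
            if src["active"]:  # never create an account for an already-disabled identity
                ops.append({"method": "POST", "path": "/Users",
                            "body": {"schemas": [SCIM_USER], **src}})
        elif tgt["active"] != src["active"]:
            ops.append(set_active(tgt["id"], src["active"]))
    # Accounts the provider does not know about are orphans: deactivate rather than
    # delete, so the audit trail and any owned data survive for review.
    for name, tgt in app_by_name.items():
        if name not in idp_by_name and tgt["active"]:
            ops.append(set_active(tgt["id"], False))
    return ops


if __name__ == "__main__":
    for op in plan_sync(IDP_USERS, APP_USERS):
        print(op["method"], op["path"], json.dumps(op["body"]))
```

Run as-is it plans three requests: create bob, deactivate carol (offboarded at the provider) and deactivate dave (unknown to the provider). A real connector would send these to the application's SCIM endpoint and, on a failure, leave the user in the log for the next reconciliation run rather than silently skipping it.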
It makes sense to think of access in a subject-object-verb model: a subject (a user, group, role or service) performs a verb (an action such as read, write or delete) on an object (a resource). Roles, groups, attributes and context are all ways of deciding whether a given subject may perform a given verb on a given object.
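The RBAC, GBAC, ABAC, context-based, permission, role and resource entries above all describe inputs to one subject-object-verb decision. The following added example, written for this page and not taken from it, makes that decision in code: roles are sets of (resource kind, verb) permissions, group membership maps to roles, attribute rules and request context can only narrow what the roles granted. The role names, attribute names, rules, users, documents and timestamps are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Added illustration, not code from the original page. Roles, groups,
# attribute rules, sample users and documents are assumptions for the example.


@dataclass(frozen=True)
class Subject:
    id: str
    roles: frozenset = frozenset()        # RBAC: roles assigned directly
    groups: frozenset = frozenset()       # GBAC: groups the subject belongs to
    attributes: dict = field(default_factory=dict)  # ABAC: department, clearance, ...


@dataclass(frozen=True)
class Resource:
    id: str
    kind: str                             # the object in subject-object-verb
    attributes: dict = field(default_factory=dict)  # owner, department, sensitivity, ...


@dataclass(frozen=True)
class Context:
    time: datetime
    device_managed: bool


# A role is simply a collection of permissions; a permission is a verb on a resource kind.
ROLES = {
    "viewer": {("document", "read")},
    "editor": {("document", "read"), ("document", "write")},
    "admin":  {("document", "read"), ("document", "write"), ("document", "delete")},
}
# Group membership grants roles (GBAC layered on RBAC).
GROUP_ROLES = {"engineering": {"viewer"}, "doc-owners": {"editor"}}


def effective_permissions(subject):
    roles = set(subject.roles)
    for group in subject.groups:
        roles |= GROUP_ROLES.get(group, set())
    perms = set()
    for role in roles:
        perms |= ROLES.get(role, set())
    return perms


def attribute_rules_allow(subject, resource, verb):
    """ABAC: restricted resources need ownership or clearance; changes need ownership or same department."""
    is_owner = resource.attributes.get("owner") == subject.id
    if resource.attributes.get("sensitivity") == "restricted":
        if not (is_owner or subject.attributes.get("clearance", 0) >= 2):
            return False
    if verb in ("write", "delete"):
        if not is_owner and subject.attributes.get("department") != resource.attributes.get("department"):
            return False
    return True


def context_allows(ctx, verb):
    """Context-based rule: destructive verbs only from managed devices during business hours (UTC)."""
    if verb == "delete":
        return ctx.device_managed and 8 <= ctx.time.hour < 18
    return True


def is_allowed(subject, resource, verb, ctx):
    """Subject-object-verb decision: roles grant the verb; attributes and context can only deny."""
    if (resource.kind, verb) not in effective_permissions(subject):
        return False
    if not attribute_rules_allow(subject, resource, verb):
        return False
    return context_allows(ctx, verb)


# Constructed sample data.
ALICE = Subject("alice", roles=frozenset({"editor"}), groups=frozenset({"engineering"}),
                attributes={"department": "security", "clearance": 1})
BOB = Subject("bob", roles=frozenset({"admin"}), attributes={"department": "finance", "clearance": 3})
DOC1 = Resource("doc-1", "document", {"owner": "alice", "department": "security", "sensitivity": "restricted"})
DOC2 = Resource("doc-2", "document", {"owner": "carol", "department": "finance", "sensitivity": "internal"})
CTX_BUSINESS = Context(datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc), device_managed=True)
CTX_OFF_HOURS = Context(datetime(2024, 3, 1, 23, 0, tzinfo=timezone.utc), device_managed=False)


if __name__ == "__main__":
    for subj, res, verb, ctx in [(ALICE, DOC1, "read", CTX_BUSINESS), (ALICE, DOC2, "write", CTX_BUSINESS),
                                 (ALICE, DOC1, "delete", CTX_BUSINESS), (BOB, DOC2, "delete", CTX_BUSINESS),
                                 (BOB, DOC2, "delete", CTX_OFF_HOURS), (BOB, DOC1, "read", CTX_BUSINESS)]:
        print(f"{subj.id} {verb} {res.id}: {'allow' if is_allowed(subj, res, verb, ctx) else 'deny'}")
```

Each layer is evaluated in the order least likely to be bypassed by accident: a missing role permission denies before any attribute or context rule is consulted, and a later layer can never widen what an earlier one refused. Alice can read her own restricted document but not write a finance document she neither owns nor shares a department with; Bob can delete a finance document from a managed device in business hours and is refused the same action off-hours from an unmanaged one.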