What is Attribute Based Access Control (ABAC)?
Attribute Based Access Control, or ABAC, is a type of authorization based on attributes defined for a user.
Attributes, in conjunction with policies, can take RBAC and GBAC to the next level in terms of scalability.
ABAC allows you to use the attributes of a user to create relationships between roles and groups.
For example, you can imagine that as an organization scales, the complexity of access also increases. At the start, you might add a new hire to the Sales group, assigning Sales permissions, and call it a day.
However, as the sales team grows, you might need different access combinations for salespeople in different regions. You could create a “region” attribute for the user. You might then create a policy like “ If the region for this user is US West, then assign them to both the Sales team and the US West Sales team.”
Instead of having a person manually assign users to the correct groups, attributes and policies can be used to create and maintain relationships between entities.
Opal is the unified identity platform for modern enterprises. Opal aggregates identity and access data to provide visibility and defense-in-depth infrastructure for mission-critical systems. With the product, enterprises can discover anomalous identity risks and remediate them in minutes. The world's best companies trust Opal to govern and adapt sensitive access.
Want to see it yourself? Contact firstname.lastname@example.org or book a meeting here for a personalized demo.