Advertisement

Attribute-Based Access Control (ABAC)

What does Attribute-Based Access Control (ABAC) mean?

Attribute-based access control (ABAC) is a different approach to access control in which access rights are granted through the use of policies made up of attributes working together. ABAC uses attributes as the building blocks to define access control rules and access requests. This is done through a structured language called the eXtensible Access Control Markup Language (XACML), which is as easy to read or write as a natural language.

Advertisement

Techopedia explains Attribute-Based Access Control (ABAC)

In an attribute-based access control system, any type of attribute such as user attributes and resource attributes are used to determine access. These attributes are compared to defined static values or even to other attributes, which turns it into a relation-based access control. Attributes come in key-value pairs such as "Role=Supervisor," which can be used to limit access to a certain feature of a system. In this case only users with the designation of supervisor or higher can be given access to that feature or system.

In an ABAC system, rules are written using XACML. For example, a rule could state:

"Permit managers to access financial data provided they are from finance department."

This would allow users with attributes of Role=Manager and Department=Finance to access data with the attributes of Category=Financial. This leaves other types of users from even getting to the login screen and preventing certain types of attacks like brute force and library attacks.

Advertisement

Share this Term

  • Facebook
  • LinkedIn
  • Twitter

Survey: Why Is There Still a Gender Gap in Tech?

Do you work in the tech industry? Help us learn more about why the gender gap still exists in tech by taking this quick survey! Survey respondents will also be entered to win a $100 Amazon Gift Card!

Related Reading

Tags

SecurityData Management

Trending Articles

Newest Articles

Go back to top