← Cybersecurity Alphabet Soup

ABAC

Attribute-Based Access Control

identitymedium

ABAC makes access decisions by evaluating attributes of the user, the resource, the action, and the environment against policies. For example, a rule might allow access only if the user is in the finance department, on a managed device, and during business hours. It is more flexible than role-based control but harder to design and audit.

Sources

More in identity