Identity & Access
Attribute-Based Access Control (ABAC)
Also known as: ABAC, Policy-based access control
Definition
An authorization model that evaluates policies over attributes of the subject, resource, action, and environment to decide whether to allow an access request.
Examples
- An OPA policy allowing access only if user.region == resource.region and device.compliant == true.
- A XACML rule restricting export of personal data to EU users from EU IP ranges.
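The following is an added example, not code from the original page or from OPA or any XACML implementation: a small Python policy decision point that encodes the two example rules above as functions over the subject, resource, action and environment attributes of a request. The attribute names (region, category, device_compliant, source_ip), the rule-combining order (any deny wins, otherwise permit, otherwise default deny) and the EU IP ranges are all assumptions constructed for the demo.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Optional

# Constructed sample ranges standing in for "EU IP ranges"; a real deployment
# would take these from a maintained geolocation feed, not a hard-coded list.
EU_RANGES = [ip_network("10.10.0.0/16"), ip_network("10.20.0.0/16")]


@dataclass
class Request:
    """The four attribute sets an ABAC policy is evaluated over."""
    subject: dict
    resource: dict
    action: str
    environment: dict = field(default_factory=dict)


# A rule returns "permit", "deny", or None when it does not apply to the request.
Rule = Callable[[Request], Optional[str]]


def rule_same_region(req: Request) -> Optional[str]:
    """Mirrors the OPA example: user.region == resource.region and device.compliant == true.
    Assumed to govern 'read' actions only."""
    if req.action != "read":
        return None
    ok = (req.subject.get("region") == req.resource.get("region")
          and req.environment.get("device_compliant") is True)
    return "permit" if ok else "deny"


def rule_eu_export(req: Request) -> Optional[str]:
    """Mirrors the XACML example: export of personal data only for EU users
    whose request originates from an EU IP range."""
    if req.action != "export" or req.resource.get("category") != "personal_data":
        return None
    try:
        ip = ip_address(req.environment.get("source_ip", ""))
    except ValueError:
        # Missing or malformed environment attribute: fail closed.
        return "deny"
    in_eu_range = any(ip in net for net in EU_RANGES)
    ok = req.subject.get("region") == "EU" and in_eu_range
    return "permit" if ok else "deny"


RULES: list = [rule_same_region, rule_eu_export]


def authorize(req: Request, rules=RULES) -> tuple:
    """Deny-overrides combining with default deny: any explicit deny wins,
    otherwise an explicit permit is needed, otherwise the request is refused."""
    decisions = [(rule.__name__, rule(req)) for rule in rules]
    for name, decision in decisions:
        if decision == "deny":
            return False, f"denied by {name}"
    for name, decision in decisions:
        if decision == "permit":
            return True, f"permitted by {name}"
    return False, "no applicable rule (default deny)"


if __name__ == "__main__":
    req = Request(subject={"region": "EU"}, resource={"region": "EU"},
                  action="read", environment={"device_compliant": True})
    print(authorize(req))
```

Each rule looks only at attributes, never at a user identity or role, which is what distinguishes the model from RBAC; the explicit default-deny branch in authorize is the check most worth keeping when adding rules, since a new action with no matching rule should be refused rather than silently allowed.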
Related terms
Role-Based Access Control (RBAC)
An authorization model that grants permissions to roles rather than directly to users, so users inherit access by virtue of their role assignments.
Mandatory Access Control (MAC)
An access-control model in which a central policy — not the resource owner — enforces access decisions based on classifications and clearances assigned to subjects and objects.
Discretionary Access Control (DAC)
An access-control model in which the owner of a resource decides who can access it and what operations they can perform.
Authorization
The process of deciding what an already-authenticated identity is allowed to do — which resources, actions and conditions are permitted.
Zero Trust Network
Zero Trust Network — definition coming soon.
Principle of Least Privilege
A security principle that grants every user, process, or service only the minimum privileges strictly required to perform its function — no more.