ABAC, short for Attribute-Based Access Control, is an authorisation model that evaluates characteristics, or attributes, ahead of roles when deciding whether to grant access.
The main objective of such a model is to protect IT resources, networks and data from malicious or unauthorised activity. In simpler terms, it denies access to sensitive information to anyone who lacks the characteristics ‘approved’ by the organisation’s security policies.
What Are The Primary Components Of ABAC?
With this form of access control, the company’s access policies make access decisions based on the characteristics of the subject, action, resource and environment involved in the event.
The subject mainly refers to the user who is requesting access to the information. The characteristics an ABAC system mainly checks include group memberships, job roles, ID, organisational and departmental memberships, clearance and other relevant identifying criteria. ABAC often gathers this data from HR or from the authentication tokens used during login.
The resource is the file or asset that the subject is trying to access. Resource characteristics are all identifying characteristics, like the modified date, creation date, file name or type, etc.
The action is what the subject intends to do with the resource once access is granted. Some of the most common action attributes are ‘write’, ‘edit’, ‘copy’ and even ‘delete’.
In its broad sense, the environment is the context of every access request. Every environment characteristic relates to contextual factors like the location and time of access, the device used, the communication protocol and more. With such information, you can establish risk signals that help you avoid malicious or unauthorised activity in the future.
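The following is an added example, not part of the original article or any product's code: a minimal deny-by-default evaluator that decides a request from the four attribute sets described above. The policy rules, attribute names and sample values are assumptions constructed for illustration.

```python
from datetime import time

# Constructed policies; attribute names and values are illustrative assumptions.
# A rule permits only when the action matches and every condition holds.
POLICIES = [
    {"name": "same-dept-read",
     "actions": {"read", "copy"},
     "conditions": [
         lambda s, r, e: s["department"] == r["owner_department"],
         lambda s, r, e: s["clearance"] >= r["sensitivity"],
         lambda s, r, e: time(8, 0) <= e["time"] <= time(18, 0),
     ]},
    {"name": "manager-modify-managed-device",
     "actions": {"write", "edit", "delete"},
     "conditions": [
         lambda s, r, e: s["department"] == r["owner_department"],
         lambda s, r, e: s["job_role"] == "manager",
         lambda s, r, e: e["device_managed"] and e["location"] == "office",
     ]},
]

def decide(subject, resource, action, environment):
    """Return (decision, matching_rule); deny unless some rule permits."""
    for policy in POLICIES:
        if action not in policy["actions"]:
            continue
        try:
            if all(c(subject, resource, environment) for c in policy["conditions"]):
                return "permit", policy["name"]
        except (KeyError, TypeError):
            continue  # missing or malformed attribute: rule not satisfied (fail closed)
    return "deny", None

# Constructed sample request attributes.
ALICE = {"id": "u1001", "department": "finance", "job_role": "analyst", "clearance": 2}
BOB = {"id": "u1002", "department": "finance", "job_role": "manager", "clearance": 3}
REPORT = {"file_name": "q3.xlsx", "owner_department": "finance", "sensitivity": 2}
OFFICE = {"time": time(10, 30), "location": "office", "device_managed": True}
NIGHT_REMOTE = {"time": time(23, 5), "location": "remote", "device_managed": False}

if __name__ == "__main__":
    for who, act, env in [(ALICE, "read", OFFICE), (ALICE, "read", NIGHT_REMOTE),
                          (ALICE, "delete", OFFICE), (BOB, "delete", OFFICE),
                          (BOB, "delete", NIGHT_REMOTE)]:
        print(who["id"], act, env["location"], decide(who, REPORT, act, env))
```

The same subject and resource yield different decisions as the action or environment changes, and a request with a missing attribute is denied rather than permitted.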
Now that you know what ABAC is and what its main components are, make sure your IT department can use this information to your organisation’s benefit.