You may have implemented, or be currently implementing, RBAC (Role Based Access Control), but you should also know about ABAC (Attribute Based Access Control), which is a more advanced model than RBAC. I have tried to explain both access control models here; I hope this helps.
Disclaimer
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.
RBAC
RBAC stands for Role Based Access Control. In RBAC, access controls are defined based on the groups or roles a user holds. It simplifies the administration of access controls for a large number of users, and it is the best model for coarse-grained access control.
Example:
- HR Administrators get Read and Write permissions on the HR module of SAP
- IAM Role Administrators can create, update and delete any role in the IAM system
Pros:
- Simplifies the management of entitlements
- Usability: complex entitlement names can be presented to users as simple role names
- Efficiency: a single role can grant access to various systems
- Security: the end user is assigned only the permissions required to perform that business function
- Easy to implement compared to other access control models
- Permissions are assigned to roles rather than to users
- Reduces the number of access requests, as requests are raised for roles rather than for each individual permission
Cons:
- Dynamic SoD (Segregation of Duties) cannot be implemented
- Limited scalability: beyond a certain point it becomes difficult to scale this model
- Doesn’t provide fine-grained access control
- Access control definitions are predefined
- Needs extra effort to manage the life-cycle of roles
ABAC
ABAC stands for Attribute Based Access Control. ABAC grants access based on attributes associated with the user or with the application/system. It is a more advanced version of RBAC with which fine-grained access control can be achieved. In this model, authorization policies are defined based on the context, user attributes and application attributes.
Example:
- Children under 12 years of age will not get access to Movie A and Movie B
- A certain application can only be accessed by end users during work hours and from the office
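The two examples above expressed as attribute-based policy rules, as an added illustration that is not part of the original post. Every concrete value (the office network range, the work-hours window, the "payroll" application, the "hr_admin" role and the 12+ rating) is a constructed assumption; the last rule shows the RBAC check layered under ABAC.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed example: network, time window, role and resource names are all assumed.
OFFICE_NETWORK = ip_network("10.0.0.0/8")  # assumed office address range
WORK_HOURS = range(9, 18)                  # 09:00-17:59 on weekdays

# Each rule sees subject, resource and environment attributes and returns
# True (permit), False (deny) or None (not applicable to this request).
def age_restriction(subject, resource, env):
    """Titles rated 12+ may be watched only by viewers aged 12 and above."""
    if resource.get("rating") != "12+":
        return None
    return subject.get("age", 0) >= 12

def work_hours_and_office(subject, resource, env):
    """The payroll application is reachable only in work hours and from the office."""
    if resource.get("name") != "payroll":
        return None
    t = env["time"]
    in_hours = t.weekday() < 5 and t.hour in WORK_HOURS
    in_office = ip_address(env["source_ip"]) in OFFICE_NETWORK
    return in_hours and in_office

def hr_role(subject, resource, env):
    """RBAC layered under ABAC: payroll additionally requires the hr_admin role."""
    if resource.get("name") != "payroll":
        return None
    return "hr_admin" in subject.get("roles", set())

POLICY = [age_restriction, work_hours_and_office, hr_role]

def authorize(subject, resource, env, rules=POLICY):
    """Deny-overrides: permit only if every applicable rule permits; default deny."""
    decisions = [d for d in (r(subject, resource, env) for r in rules) if d is not None]
    return bool(decisions) and all(decisions)

def demo():
    """Evaluate the post's two scenarios with constructed attribute values."""
    hr, payroll = {"age": 34, "roles": {"hr_admin"}}, {"name": "payroll"}
    monday_10 = datetime(2024, 3, 4, 10, 0)  # a Monday, 10:00
    office = {"time": monday_10, "source_ip": "10.0.5.7"}
    remote = {"time": monday_10, "source_ip": "203.0.113.9"}
    evening = {"time": monday_10.replace(hour=20), "source_ip": "10.0.5.7"}
    return {
        "child_movie": authorize({"age": 10}, {"name": "Movie A", "rating": "12+"}, {}),
        "adult_movie": authorize({"age": 30}, {"name": "Movie A", "rating": "12+"}, {}),
        "payroll_office_hours": authorize(hr, payroll, office),
        "payroll_evening": authorize(hr, payroll, evening),
        "payroll_remote": authorize(hr, payroll, remote),
        "payroll_no_role": authorize({"age": 34, "roles": set()}, payroll, office),
    }
```

Because the decision is computed from attributes at request time rather than from a static role assignment, changing the viewer's age or the request's source address changes the outcome without any role being reassigned.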
Pros:
- Can be used to achieve fine-grained access control, which today’s security systems need
- Scalable
- Can be used with existing Access Control models like RBAC
- Dynamic Segregation of Duties
Cons:
- Complex to analyze
- Possibility of attribute explosion