📋
A Journey From IT to IT Security
  • IT Training Resources
  • IT Security Roles
    • Web Application Security Specialist
      • Training Guide
      • Self-hosted Training Lab
        • Vulnerable Web Apps
      • Web Security testing Methodology
        • 1 Footprinting
        • 2 Scanning
        • 3 Enumeration
        • 4 Gaining Access
        • 5 Maintain Access
        • 6 Covering Tracks
        • 7 Vulnerability assessment
    • DevSecOps Engineer
      • Training Guide
      • Building a DevSecOps CD/CI Pipeline
        • Self-hosted DevOps CD/CI platforms
        • Software Component Analysis (SCA)
        • Static Application Security Testing (SAST)
        • Dynamic Application Security Testing (DAST)
        • System Hardening
        • System Compliance Analysis
        • Vulnerability Analysis
      • Ready-to-use and train DevSecOps CD/CI Pipeline
    • Chief Information Security Officer (CISO)
    • Digital Forensics Investigator
      • Forensics Methodology
    • Cloud Security Engineer
      • Getting started with kubernetes
  • Resources
    • IT Basics
      • Networking Basics Study Guide
      • RBAC / ABAC
      • Anonymous Surfing
      • Python Programming
      • Infrastructure as code
      • Containers
        • Docker
        • Docker security
      • The Security Development Lifecycle (SDL)
    • Literature
    • Useful Tool Tutorials
    • Useful Online Tools
    • Exploits
  • Unsorted
    • Gitlab-ci with docker-compose
Powered by GitBook
On this page
  1. Resources
  2. IT Basics

RBAC / ABAC

Access Control Management

PreviousNetworking Basics Study GuideNextAnonymous Surfing

Last updated 4 years ago

Understanding the two pillars of enforcing permissions in applications are through Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC).

RBAC/ABAC what's the difference?

RBAC manages access controls on the basis of user roles. Using RBAC, the permissions attached to a role define what actions those users can take. Access level can be influenced by the seniority of a user or by whether the asset they are accessing is critical to their everyday work (use case).

ABAC manages access controls on the basis of attributes. Attributes are a set of data properties, to determine who has access to what resources. Attributes include those related to identity, resources, environment or policies. Attributes can include anything from the geo-location of identities, job titles, IP addresses, devices, and much more.

LogoElastic and build.security: Shifting left together to secure the cloudElastic Blog
LogoElastic and build.security: Shifting left together to secure the cloudElastic Blog