RBAC / ABAC
Access Control Management
The two pillars of enforcing permissions in applications are Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
RBAC/ABAC: what's the difference?
RBAC manages access controls on the basis of user roles. Using RBAC, the permissions attached to a role define what actions those users can take. Access level can be influenced by the seniority of a user or by whether the asset they are accessing is critical to their everyday work (use case).
ABAC manages access controls on the basis of attributes. Attributes are a set of data properties used to determine who has access to what resources. They include those related to identity, resources, environment or policies, and can be anything from the geo-location of identities, job titles, IP addresses, devices, and much more.
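The contrast in practice, as an added example that is not part of the original page: the same user passes the RBAC check in every context, while the ABAC check also evaluates resource and environment attributes and denies the request from an unmanaged device off the corporate network. The role names, permission strings, country codes and network range are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: roles, permissions and network range are illustrative.
ROLE_PERMISSIONS = {
    "analyst": {"report:read"},
    "finance_manager": {"report:read", "report:approve"},
}
CORPORATE_NET = ipaddress.ip_network("10.20.0.0/16")

def rbac_allows(roles, permission):
    """RBAC: the decision depends only on permissions attached to the user's roles."""
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)

@dataclass(frozen=True)
class Request:
    job_title: str        # identity attribute
    department: str       # identity attribute
    resource_owner: str   # resource attribute (owning department)
    source_ip: str        # environment attribute
    geo: str              # environment attribute
    device_managed: bool  # environment attribute
    action: str

def abac_allows(req):
    """ABAC: every policy rule must hold for the request's attributes (default deny)."""
    try:
        on_corp_net = ipaddress.ip_address(req.source_ip) in CORPORATE_NET
    except ValueError:
        return False  # unparseable source address fails closed
    return all([
        req.action == "report:approve",
        req.job_title == "Finance Manager",
        req.department == req.resource_owner,  # only the owning department
        req.geo in {"DE", "NL"},               # assumed list of permitted locations
        req.device_managed,
        on_corp_net,
    ])

def demo():
    """Same person, same role: RBAC result is constant, ABAC varies with context."""
    office = Request("Finance Manager", "finance", "finance", "10.20.4.7", "DE", True, "report:approve")
    remote = Request("Finance Manager", "finance", "finance", "203.0.113.9", "DE", False, "report:approve")
    return rbac_allows(["finance_manager"], "report:approve"), abac_allows(office), abac_allows(remote)

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```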