What is Attribute-Based Access Control (ABAC)?
D1 · General · CompTIA Security+ SY0-701
ABAC (Attribute-Based Access Control) is the most flexible access control model, making access decisions based on policies that evaluate multiple attributes: subject attributes (user role, department, clearance), object attributes (classification, owner), and environmental attributes (time, location, device type).
Example policy: "Allow access to financial records IF user is in Finance department AND using a corporate device AND it is business hours AND user is in the office."
Also called PBAC (Policy-Based Access Control).
ABAC is the most granular and flexible access control model. It's the foundation of zero trust access decisions. More complex to administer than RBAC but much more powerful. RBAC = who you are (role). ABAC = who you are + what you're accessing + how/when/where you're accessing it.