Access control: ways of describing it, using RBAC and ABAC as examples
Have you ever had to wade through confusing rules for access to data and functionality? To find out what is allowed to whom and under what conditions, and what is absolutely forbidden yet can still be done if agreed upon? And then to structure all these rules into something suitable for understanding and implementation?
In my presentation we will:
- look at the specifics of describing access rules for RBAC (Role-based access control),
- then look at applying ABAC (Attribute-based access control) if RBAC becomes ineffective,
- compare the two approaches, and look at other available options,
- and finally, recall that the same rules can be implemented on the front end in different ways, which also need to be thought through.
As a result, you will receive structured, practical guidance on applying and describing access rules for RBAC and ABAC, as well as ways to avoid pitfalls.