blog
Open Menu
Product
Solutions
Resources
PrIcing
Guide Downloads
Access Control Basics

Guide to Attribute-Based Access Control (ABAC)

By Guest Post
August 26, 2019

Attribute-Based Access Control (ABAC)

Attribute-based access control is a model inspired by role-based access control. The basis of the attribute-based access control is about defining a set of attributes for the elements of your system. This model comprises of several components.

  • Attribute. This refers to the character of elements within the network. It is also used to refer to user characteristics such as clearance level, department, position or even IP address. It can refer to object characteristics such as creator, sensitivity, and type among other things. An attribute can also refer to the characteristics of the environment such as location, time and date.
  • Type of action. The action  being performed on the network. For example: copying, pasting, deleting, reading or writing?
  • Subject. This is any person or resource that can perform actions within the network. The subject is also assigned attributes to determine their clearance level.
  • Object. An object is any data that is stored in the network. They are assigned attributes to enable description and identification. 
  • Policy. A set of rules used to govern all operations in the network.

In the ABAC model, you can make use of attributes that haven’t been registered but still, this will be visible in the work process. It is a model that can be used in organizations of different sizes but the best capacity is within a large organization.

5d2365b5683bb9bf3f7334ca
template-1
container

ABAC requires plenty of time and effort when it comes to deployment and configuration. This is because all attributes of the system must be defined. This is done manually. Policies, too, have to be created so that they can be copied for every new user and resource. With ABAC model, attributes can be modified to suit the needs of a user without necessarily creating a new role for them. It is these attributes that make ABAC a more polished system than the Role-Based Access Control model (RBAC).

Attribute-Based Access Control vs Role-Based Access Control

Data access is always evolving so as to meet the various challenges that businesses are facing in this age of unlimited data. Today’s standard is none other than ABAC. Its a model that ensures that information is retrieved when required and under the right circumstances.

RBAC Benefits and Limitations

RBAC was once the most popular mode of restricting access to a secure space. Its main advantage is that there is no need for companies to authorize or revoke access individually. With this system users are brought together as per their roles. This makes work easier but setting up is not an easy task. 

Limitations

  • Rules cannot be setup using unknown parameters
  • Permissions are only assigned to user roles
  • Access can be restricted to certain actions in the system but not to certain data

ABAC Benefits and Limitations

The main benefit of the ABAC model is that access is granted not on the basis of the user but on the attributes of every component in the system. This means that every rule no matter how complex can be described. The attributes of subjects and resources not yet entered into the system can be evaluated.

Limitations

  • Policies have to be specified and maintained making this type of system difficult to configure.
  • It is difficult to perform a fact audit prior to determining the permissions that will be availed to the end-user.
  • It could be almost impossible to measure the risk exposure for any given position.

 How It All Comes Together

This is a multi- dimensional access control system and with its attributes it ensures the following:

  • Increased scalability
  • Prevention of role explosion
  • Eliminates SoD conflicts
  • Eases authorization for management control

What all this means is that the authorization process is dynamic since it involves evaluating an entire context. The attributes of a particular scenario will come from several sources such as the application and the environment. The key attributes, in turn, trigger the policy and then the rules are evaluated. The next step is the collection of the required attributes by the authorization engine. This is the only way the decision process can be completed. 

In a Nutshell

ABAC is not just for granting or denying access to data. There is also data masking to ensure the protection of sensitive information whilst permitting sharing. This means the redaction of sensitive data items. According to experts, 70% of companies will be using ABAC by 2020. And even though it might be a model that comes with its fair share of limitations such as the impossibility of measuring risk exposure, the making of policies gives the management the upper hand from the word go plus it checks on every attribute. Isn’t it just good to know you decide the kind of access users can have to your data?

Guest Post

Related Articles

Door Security Hardware Overview
December 9, 2019
Introducing Kisi for Slack: Unlock Your Office Door With Slack
September 11, 2018
Access Control Security Essentials
December 9, 2019
Fail Safe vs Fail Secure
Best Resources
Access Control - Sample RFP
Physical Security Assessments
Mobile Access Technology from Kisi
Employee Spotlight - Karen
Smart Door Alerts
Digital Employee Badge
Chat with Founders
Device Management
Hacking HID Keycard with $10 Device
Hacking HID with Wiegand Protocol Vulnerability
Copy prox HID ID Card
Workplace Tool Deployment
Access Control API
WiFi Speed Test Apps
Communication Protocols Used by IoT
Kisi for Slack
Building a Slack Doorbell
AC Installation Costs and Price per Door
Name Badge Templates
HIPAA Compliant
Cutting Slack
Solutions for Old Key Fobs
SEO for Coworking Space Websites in 2020
Office Security
IoT in Physical Security
Smart Locks Hacked By Bluetooth
Beacon Security Issues
Running a Successful Coworking Space
Kisi iOS 4.0.0 Release
IT Budget Planning
3 Tips for Coworking Spaces
Choosing Electrical Contractor
NICU Security
Signs to Change Access Control
Top 3 Safety and Security Tips for Airbnb Hosts
What is IoT?
Microchip Tagging Oneself
Office Design Productivity
7 Tips to Prevent Cloud Security Threats
Coworking vs Facility Management
Benefits of Cloud Access Control
Avoiding Locksmith Scams
10 Cloud Tools
Carrying Out Vendor Security Assessments
Ultimate Real Estate Apps Guide
6 Layers of Security Your IoT Setup Needs
Internet Of Things in the Workplace
2018 Most Influential People in Coworking
Top HR Influencers to Watch in 2018
Employee Spotlight - Jorge
Types of Physical Security Threats
HID Card Types
Remote IT Management
Identity Access Management Tools
Access Control System Maintenance
How Do Hotel Key Cards Work
Physical and Cyber Security Convergence
How to Set Up Your Enterprise WiFi
Step-by-Step Tutorial: How to Copy or Clone Access Cards and Key Fobs
GDPR Public Announcement
How to Calculate Facility Code Using Card Bit Calculators
Authentication Protocol Overview: OAuth2, SAML, LDAP, RADIUS, Kerberos
How to Avoid a Demagnetized Key Card or Key Fob
HID iClass SE Reader - Take a look inside the components | Kisi
How to Share Your Company WiFi Password Securely
Equipment Leasing Models
Magnetic door lock troubleshooting
On and Offboarding
Employee Spotlight - Alberto
Door Entry System Options For Gyms
Church Security Policy and Procedures
School Security, Safety and Access Control for Plan Education
Hospital Access Control
Employee Spotlight - Nate
3 Types of Cloud Access Control for Elevators Using Kisi
The 2 Burglar Alarm Options for Offices: Simplified With Kisi’s Access Control
Employee Spotlight - Jamie
How IoT Drives the Convergence of Cyber and Physical Security
Security in Shared Workspaces: Necessity or Business Enabler?
Kisi Implements Free Access Card Security Test
Converting Corporate Headquarters to Coworking With 24/7 Access Control
Interview With Workspace Strategies
Keyless Access Control for Flexible Workspaces
iWatch Series 4 Release: Did You See That Apple Door Reader?
Internet of Things Technologies in Smart Buildings for Flexible Workspaces
Kisi Named to Inc. 500 List of Fastest Growing Companies (2018)
IoT Marks the Convergence of Physical Security and Cybersecurity
The Future of Self-Storage: Q&A With StoreMe
How to Design and Equip a Best-in-Class Conference Room
The IT Experience on Becoming a Certified Google Administrator
Using Modular and Flex Spaces to Foster Collaboration
Security, Scalability and Growth: Toward a Comprehensive IT Strategy
Employee Spotlight: Mateusz
Daycare Security Measures: Door Locks, Unauthorized Access and Security Breaches
Everything You Need to Know About Warehouse Security
Synagogue Security Plan and Safety Procedures
Cannabis Security Plan
Yubico Review | Hardware Authentication Tokens for Two Factor
Access Control Basics
Useful Resources