Skip to content

Attribute Based Access Control (ABAC)#

The users of a system can have attributes attached to their account or profile by an administrative or authorised user. These attributes can be virtually anything. For example the user might have an attribute that confirms they're in a particular country. This attribute may in turn be used to indicate if they're allowed to access corporate resources hosted in that country, but not outside of it.

This kind of access control is called Attribute Based Access Control (ABAC). Attaching attributes or "traits" to users means their right to access or manipulate some resource can be validated and either accepted or rejected.