attribute-based access control (ABAC)

Attribute-Based Access Control (ABAC) is a feature-based access control. In ABAC authorization, attributes are used for access control, whose properties describe the instances.

The attributes used in ABAC access control can be related to clients, employees or resources. The evaluation of the attributes is subject to defined guidelines. The attributes are written in the structured description language Extensible Access Control Markup Language( XACML). They contain all the properties of the instances that are relevant for access authorization. By combining multiple attributes, ABAC access controls with dedicated functionality can be formed. For example, an attribute can specify that all employees working in service have access to spare parts availability.

In addition to the aforementioned attribute-based ABAC access control method, there is also role-based Role-Based Access Control( RBAC) and rule-based Policy-Based Access Control (PBAC).