ABAC
← Back to Authorization Models
Attribute-Based Access Control makes authorization decisions based on attributes of the user, resource, action, and environment. More flexible than RBAC (e.g., “allow if user.department == resource.department AND time is business hours”) but more complex to manage and audit.