Policy-Based Access Control (PBAC) is a method of managing user access to one or more systems. With PBAC, the organizational role of the user is combined with access policies to determine exactly what privileges the user should be granted. Unlike RBAC, Policy-Based Access Control is an ever-evolving type of access control necessitated by ever-evolving data usage needs.
With PBAC identifying information along with contextual factors such as roles, attributes and policies are used to determine whether or not a user should be provided access to certain resources. This enables a more dynamic policy enforcement and, among other things, provides a business with the ability to adjust on the fly and stay current with changing business or legal dynamics.
PBAC is a method of providing access to typically sensitive business assets based on a set of policies. Policy-Based Access Control typically weighs four kinds of attributes to determine if a user should be allowed to access the requested resource, and if so, what permissions they will have in regard to the resource. Those four types of attributes are:
Access is granted in PBAC by weighing these attributes against system policies - which typically use “if, then” logic to assess an access request - and evaluating whether the request is legitimate. Access is only granted if all the conditions are satisfied.
PBAC offers myriad advantages over other methods of access control such as RBAC and ABAC. These advantages include:
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team