Shulou(Shulou.com)06/01 Report--

This article mainly introduces "what are the advantages of PBAC over traditional ABAC". In daily operation, I believe that many people have doubts about the advantages of PBAC over traditional ABAC. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the question of "what are the advantages of PBAC compared to traditional ABAC?" Next, please follow the editor to study!

IAM managers and architects tired of managing thousands of roles for hundreds of users need a better way to control access to the enterprise. The traditional role-based access control method has many weaknesses, there are too many users left behind, and it is vulnerable to "role explosion". New methods are needed to allow specific users to access specific content at a specific time.

The first solution usually considered is attribute-based access control (ABAC). ABAC is a fine-grained access management method in which requests for access to specific information are approved or denied based on defined rules that have been assigned to users, actions, resources, or environments.

For example, during the day-to-day working hours of a bank, when a customer's ID card and their account number are provided from the IP address of the branch office, the bank teller needs to be granted access to request customer account records.

In order to allow access to other branches or over the phone, other security processes may need to be completed ahead of time. Typically, these processes consist of a series of customer-specific issues that may need to talk to bank governors with a higher level of security responsibilities.

Sounds good, doesn't it? Okay, almost.

The problem with ABAC

Although attribute-based access control seems to be an accepted choice, it does have its own problems:

Problem 1: deployment and system maintenance require IT team

When the attribute-based access control method is adopted, with the continuous increase of the number of attributes, the complexity of defining each attribute associated with a single user also increases, which increases the difficulty of managing the access management of the whole enterprise.

Question 2: business teams are isolated and have limited visibility

Business leaders are in an off-cycle state and are highly dependent on the IT department to achieve the key authorization decisions they are making. This creates a greater gap between the leadership role and the IT role.

The problem 3:ABAC cannot be encoded in a normal language

To create and edit properties using ABAC, you need to be proficient in XACML, an extremely complex and outdated language. This makes the development process time-consuming.

Understand the benefits of PBAC

What is the solution to these problems? A new approach called Policy-based access Control (PBAC). PBAC is a method of combining roles and attributes with logic to create flexible dynamic control strategies. Like ABAC, it uses many properties to determine access permissions, so it also provides "fine-grained" access control. PBAC is designed to support access to devices in a variety of ways and is generally considered the most flexible authorization solution.

Other benefits of PBAC include:

Transparency and visibility of the business team

By simplifying the authorization process, management is no longer just monitoring identity and access management processes. Business executives are now fully capable of ensuring that business logic is applied securely, not only to control access, but also to assess what information has been accessed after the entry has been granted to the system. The functionality of PBAC ensures that sharing resources and data is simple and secure because it provides suppliers, freelancers, and partners with access to specific files within pre-specified restrictions (such as limited time periods).

Can be encoded in a common language

Through an easy-to-use interface, managers can firmly control the real-time enforcement and change of authorization policies. By quickly and efficiently defining access rights and parameters, business leaders can decide who can access, when to grant access, and where to create standardized policies across organizations without a great deal of IT knowledge.

PBAC has fine-grained or coarse-grained flexibility

PBAC supports environment and context control, so you can set policies to grant access to resources at specific times and locations, and even evaluate the relationship between identities and resources. You can quickly adjust the policy and set the policy for a given period of time (for example, responding to violations or other emergencies). User groups can be easily added, deleted, or modified, and obsolete permissions can be revoked with a click.

Policy-based access control simplifies the identity and authorization process by applying business logic to access management methods. RBAC has dominated access control since the 1990s, but it does not meet the needs of today's fast-paced, diverse, cloud-based environments.

Source of the article:

Https://blog.plainid.com/the-advantage-of-pbac-over-the-traditional-abac

Https://blog.plainid.com/why-role-based-access-control-is-not-enough

At this point, the study on "what are the advantages of PBAC over traditional ABAC" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.