What else exists besides ABAC and RBAC?

The following are descriptions of lesser-known policy models that just might be the best fit for your software. Before considering anything listed here, make sure you understand RBAC, ABAC, and Policy Engines and have determined that all of them are a poor fit.

CBAC: Context Based Access Control

Coming Soon.

Capability Based Security

Coming Soon.

DAC: Discretionary Access Control

Coming Soon.

GBAC: Graph-Based Access Control

In GBAC, policy is modeled in a graph database and callers are given a full graph query language (e.g. Gremlin) with which to resolve access requests.

LBAC: Lattice-Based Access Control

Also known as Label-Based Access Control or Rule-Based Access Control.

LBAC is a policy model in which labels on users and labels on objects are combined to define rules. Each rule states the minimum label a user must hold to gain access to an object.
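As an added example (not from the original page), the following models one common instantiation of such a lattice: a label is a clearance level plus a set of compartments, a user's label must dominate the object's label to read it, and the join of two object labels gives the minimum label needed to access both at once. The level names and compartments are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed example: a linear ordering of clearance levels.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    """A lattice label: a clearance level plus a set of compartments."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """True if this label is >= `other` in the lattice: the level is
        at least as high AND the compartments are a superset of other's."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the smallest label that dominates both a and b."""
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.compartments | b.compartments)


def minimum_requirement(objects) -> Label:
    """Fold the join over all object labels: the minimum a user needs
    to access every object in the set at once."""
    labels = list(objects)
    required = labels[0]
    for obj in labels[1:]:
        required = join(required, obj)
    return required


def can_read(user: Label, obj: Label) -> bool:
    """The rule: the object's label is the minimum requirement, so the
    user's label must dominate it. A higher level alone is not enough
    if the user lacks one of the object's compartments."""
    return user.dominates(obj)
```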

OrBAC: Organization-Based Access Control

Coming Soon.

MAC: Mandatory Access Control

MAC is any system in which only a centralized "administrator" controls all policy changes. For example, Linux file permissions are not MAC because all users can change the permissions of files where they have write access. Linux does have a great example of MAC, and the most commonly cited one: Linux Security Modules, which centrally restrict access to resources in the kernel.

ReBAC: Relationship-based Access Control

Coming Soon.

RSBAC: Rule Set Based Access Control

Coming Soon.