RBAC (Role-Based Access Control)

Users are assigned roles, and roles define what actions are allowed. Access decisions are made based on the user’s role.

Real-World Examples

  • Salesforce
  • SAP ERP
  • GitHub (organization roles)
  • AWS IAM (basic role usage)

ABAC (Attribute-Based Access Control)

Access is determined dynamically based on attributes of the user, the resource, the action, and the environment (context). This makes the model very flexible and policy-driven.

Real-World Examples

  • AWS IAM (policies with conditions)
  • Microsoft Azure RBAC + policies
  • Okta
  • Google Cloud IAM
  • Banking/Financial System Entrypoints

REBAC (Relationship-Based Access Control)

Access is determined by the relationship between a user and a resource, not just by roles or permissions. This model is common in social networks and collaborative platforms.

Real-World Examples

  • Google Drive
  • Facebook
  • LinkedIn
  • Slack
  • Discord

ACL (Access Control List)

An ACL specifies, for each resource, which users or roles have which permissions. Permissions are tied directly to the resource rather than to roles.

Real-World Examples

  • Linux/Windows File System
  • Dropbox
  • Apache Web Server
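
The four models above differ mainly in what data the access check reads. The following added example (not part of the original page) decides requests under each model with default deny; every user, role, attribute, tuple and ACL entry is constructed for illustration, and the ABAC rule is one hypothetical policy.

```python
# Constructed sample data; all users, roles and resources are hypothetical.
ROLE_PERMS = {"editor": {"read", "write"}, "viewer": {"read"}}
USER_ROLES = {"alice": {"viewer"}}                      # bob has no role
ACLS = {"doc:report": {"alice": {"read"}, "bob": {"read", "write"}}}
# ReBAC facts as (subject, relation, object) tuples.
TUPLES = {("alice", "member", "team:sec"),
          ("team:sec", "viewer", "folder:ir"),
          ("folder:ir", "parent", "doc:report")}

def rbac_allows(user, action):
    """RBAC: only the user's roles matter; the resource is not consulted."""
    return any(action in ROLE_PERMS.get(r, set())
               for r in USER_ROLES.get(user, set()))

def abac_allows(subject, resource, action, env):
    """ABAC: one policy over user, resource, action and environment attributes."""
    return (action == "read"
            and subject["department"] == resource["department"]
            and subject["clearance"] >= resource["sensitivity"]
            and 8 <= env["hour"] < 18)                  # business hours only

def rebac_allows(user, relation, obj, visited=None):
    """ReBAC: follow group membership and parent links through the tuples."""
    visited = visited if visited is not None else set()
    if obj in visited:                                  # cycle guard
        return False
    visited.add(obj)
    for s, r, o in TUPLES:
        if o != obj:
            continue
        # Direct grant, or grant to a group the user is a member of.
        if r == relation and (s == user or (user, "member", s) in TUPLES):
            return True
        # Inherit the relation from a parent object.
        if r == "parent" and rebac_allows(user, relation, s, visited):
            return True
    return False

def acl_allows(user, resource, action):
    """ACL: the list attached to the resource is the whole decision."""
    return action in ACLS.get(resource, {}).get(user, set())
```

Note that bob is denied under RBAC (no role) yet allowed by the ACL on `doc:report`, and alice reaches the document in ReBAC only through her team and the parent folder.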