ABAC: Flexible Approach To Access Control In Enterprise Software
A basic premise for the success of B2B software products is flexibility. You have to tailor your product to the internal processes of the businesses that adopt it. Moreover, you’ll have to do it continuously, since business, just like technology, never stays still.
Amid all this, one issue matters to every enterprise in a different way: flexible access to resources and notifications distributed among users, which must also provide for data security and strict legal compliance with such acts as GDPR or HIPAA.
A widely used solution here is to set up and manage user roles. However, this can eventually lead to a dead end when the functionality of user roles overlaps multiple times. In fact, it is not uncommon for enterprises with ever-growing role functionality to reach the point where the number of possible roles surpasses the number of actual users.
We have mastered an alternative solution that will help your own software product be flexible in this respect: Attribute-Based Access Control, or ABAC, which enables dynamic and context-specific access to resources that can be adapted to different access control policies. The main difference from the role-based approach is that everything revolves not around users or the actions they take, but around attributes.
“We have already applied this approach involving Node.js-based servers. It allows us to provide the required level of flexibility in your project, minimizing changes in source code when it comes to modifying business logic for different adopters. Download this document to learn all about the functional advantages and technical subtleties of ABAC in comparison with the traditional role-based approach.”