What is Attribute Based Access Control?

Understanding Attribute Based Access Control

This is an access control paradigm whereby access rights are granted to users with policies that combine attributes together. ABAC evaluates dynamic attributes such as user properties, resource characteristics, environmental conditions, and contextual information to make access decisions. Unlike role-based approaches, ABAC offers fine-grained control through complex, flexible policies. This model is recommended in frameworks like NIST SP 800-162 and is particularly well-suited for modern distributed architectures. Organizations implement ABAC through policy engines that evaluate attribute rules in real-time, often using technologies like XACML. For example, a government agency might use ABAC to restrict document access based on user clearance level, document classification, time of day, and network location. Related terms: Role-based access control, Policy-based access control, Zero trust architecture, Least privilege, Access control matrix.