Model Attribute-Based Access Control (ABAC)
Attribute-based access control (ABAC) is an access control model that grants or denies access to resources based on attributes associated with users or resources. This model allows for more fine-grained and flexible access control than role-based access control (RBAC) or even relationship-based access control (ReBAC).
Attributes can express authorization logic that can't be defined in terms of roles or relationships. Take something as simple as: anybody can read a repository if it is marked “public”. The “public” attribute is an example of an attribute that isn’t a relationship or a role.
It's easy to model attribute-based access control in Oso Cloud.
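The public-repository rule above, written as a Polar policy with a policy test. This is an added example, not taken from Oso's documentation or GitCloud; the `Repository` resource, the `reader` role, the `is_public` fact name and the sample users and repositories are assumptions chosen for illustration.

```polar
# Added example: names below are illustrative assumptions.
actor User {}

resource Repository {
  permissions = ["read", "push"];
  roles = ["reader"];

  # Role-based path: an explicit "reader" role grants read.
  "read" if "reader";

  # Attribute-based path: any actor may read a repository that
  # carries the is_public fact. No role or relationship is involved.
  "read" if is_public(resource);

  # Nothing grants "push" from the attribute, so a public
  # repository is readable by everyone but writable by no one here.
}

test "public attribute grants read only" {
  setup {
    # Constructed sample facts.
    is_public(Repository{"docs"});
    has_role(User{"bob"}, "reader", Repository{"payroll"});
  }

  # alice has no role anywhere; the attribute alone lets her read "docs".
  assert allow(User{"alice"}, "read", Repository{"docs"});

  # The attribute does not leak into other permissions.
  assert_not allow(User{"alice"}, "push", Repository{"docs"});

  # "payroll" has no is_public fact, so access is denied by default
  # unless a role applies.
  assert_not allow(User{"alice"}, "read", Repository{"payroll"});
  assert allow(User{"bob"}, "read", Repository{"payroll"});
}
```

The negative assertions are the ones worth keeping in a real policy: they catch an attribute rule that accidentally widens access beyond the permission it was meant to grant.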
Here are 3 resources that would be useful to have open when running through these guides:
- The Rules Workbench, a visual rules editor that you can use to model most of these patterns
- The syntax reference for Polar, our declarative configuration language that you can use to express any authorization model
- And our example application, GitCloud, a source code collaboration platform based on GitHub and GitLab