You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

EmpowerID Hybrid Access Control (RBAC, ABAC, and PBAC)

EmpowerID delivers a comprehensive solution for managing authorization policies by seamlessly integrating the strengths of RBAC, ABAC, and PBAC. This approach ensures that organizations can effectively and dynamically manage access control across various applications and use cases, providing a secure and compliant environment.

By employing RBAC relational modeling, EmpowerID establishes a structured framework for defining an organization's hierarchy, roles, and policies. This framework allows security architects to model the organization and its structure, including segregation of duties policies, to prevent undesired combinations of access.

Simultaneously, EmpowerID takes advantage of the flexibility and real-time contextual nature of ABAC and PBAC to support centralized decision-making for applications that interact with the EmpowerID API for authorization decisions. The ABAC/PBAC engine works hand-in-hand with the robust RBAC engine to enhance or modify its decisions when necessary, considering factors such as risk, location, and MFA type.

Incorporating pre-calculated access results derived from complex RBAC policies, which account for inheritance and attribute-based queries, bolsters the potency of ABAC/PBAC policies. This hybrid approach ensures that organizations can effectively manage access control across a wide range of applications and use cases.

Figure 1: EmpowerID’s Innovative Hybrid RBAC/ABAC/PBAC Model

In summary, EmpowerID unites the best aspects of RBAC, ABAC, and PBAC to offer a comprehensive and efficient solution for managing authorization policies. This method provides the necessary structure, flexibility, and real-time contextual decision-making required to meet the ever-evolving needs of contemporary IT organizations.

 

What is Role-Based Access Control?

What is Attribute Based Access Control?

What is Policy-Based Access Control?

What are Access Levels?

What are EmpowerID Operations?

What are Resources and Resource Types?