Question

Which type of access control system enforces granular permissions by evaluating the user’s role, the sensitivity level of the data, and the geographic location of the request?

Accepted Answer

The type of access control system that enforces these permissions is Attribute-Based Access Control, commonly referred to as ABAC. Unlike traditional systems that rely solely on simple user assignments, ABAC uses a policy-based approach to make decisions by evaluating specific characteristics, known as attributes, for every access request. These attributes fall into four main categories: subject attributes, which define the user such as their assigned role or clearance level; resource attributes, which describe the data being accessed such as its sensitivity level or file type; action attributes, which identify what the user is trying to do such as read, write, or delete; and environmental attributes, which define the context of the request such as the current time, the device being used, or the geographic location of the user. In practice, an ABAC system functions by comparing these combined attributes against a set of security rules. For example, a rule might state that a user with the role of manager can only read a file marked as highly sensitive if they are accessing the system from a verified corporate network located within the United States. If any part of this logic is not met, the system automatically denies access. Because ABAC evaluates these multiple, dynamic variables simultaneously rather than just checking a static identity list, it provides the most granular level of security and allows administrators to enforce complex, real-world security policies.

Home → All Courses → Engineering and Technology Courses → Data Governance and Privacy Engineering → Flashcard

Which type of access control system enforces granular permissions by evaluating the user’s role, the sensitivity level of the data, and the geographic location of the request?