ABAC
Attribute-Based Access Control: grants permissions based on attributes (user department, resource type, time of day, IP range). More flexible but more complex than RBAC.
What is ABAC?
Attribute-Based Access Control: grants permissions based on attributes (user department, resource type, time of day, IP range). More flexible but more complex than RBAC.
ABAC is a intermediate-level concept that sits in the Security Architecture area of system design. Engineers reach for it whenever they need to reason about real-world trade-offs in that space — not just for textbook correctness, but because real production systems at companies like Netflix, Amazon, and Google make these decisions every day.
If you want to go deeper than this definition — with diagrams, code, and a quiz to lock it in — work through the "ABAC" lesson linked below. It walks through the why, the mechanism, the trade-offs, and how the giants actually use it in production.
Learn ABAC in depth
Full interactive lesson with diagrams, code examples, real-world references, and a quiz.
Open the ABAC lessonRelated lessons
Lessons that touch on ABAC as part of a larger topic.
See also
Related glossary terms you might want to look up next.
RBAC
Role-Based Access Control: assigns permissions to roles (admin, editor, viewer), then assigns roles to users. Simpler to manage than per-user permissions.
OAuth
An authorization framework that lets users grant third-party apps limited access to their accounts without sharing passwords. Powers 'Sign in with Google.'
JWT
JSON Web Token: a compact, self-contained token for transmitting claims between parties. The server can verify it without a database lookup.