ABAC Policy

Manage object access using ABAC policies

ABAC (Attribute-Based Access Control) is an authorization model that controls access to resources based on attributes (Tags) rather than fixed roles or permissions. It provides fine-grained access control by evaluating who (subject), what (object), and how (action) based on contextual attributes.

The ABAC rules are contained in the Organization Account's ABAC Policy Object.

A default ABAC policy is automatically created when a new Organization Account is registered. Administrators can modify it to suit their specific needs.


Our ABAC Policies are Open Policy Agent (OPA) compliant. OPA is a graduated project of the Cloud Native Computing Foundation and the de facto industry standard for policy language. OPA uses the Rego Policy Language. You can use the Rego Playground as a policy development environment.
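The following Rego policy is an added illustration of tag-based subject/object/action evaluation, not the default policy shipped with an Organization Account. The package name, the input document shape, the tag fields `name` and `value`, and the action names are all assumptions made for the example.

```rego
package abac.example # hypothetical package name

import rego.v1

# Deny by default: access is granted only when a rule below matches.
default allow := false

# Assumed input shape (constructed for this example, not the product's schema):
# {
#   "subject": {"tags": [{"name": "department", "value": "finance"}]},
#   "object":  {"tags": [{"name": "department", "value": "finance"}]},
#   "action":  "read"
# }

# Turn a tag array into a set of [name, value] pairs for exact matching.
tag_set(tags) := {[t.name, t.value] | some t in tags}

# A missing "tags" field is treated as an empty set, so the request is denied.
subject_tags := tag_set(object.get(input, ["subject", "tags"], []))
object_tags := tag_set(object.get(input, ["object", "tags"], []))

read_actions := {"read", "list"}
write_actions := {"update", "delete"}

# True when the subject carries the same department tag as the object.
# An object with no department tag never matches, even for admins.
same_department if {
	some tag in object_tags
	tag[0] == "department"
	tag in subject_tags
}

# Reads require a department match.
allow if {
	input.action in read_actions
	same_department
}

# State-changing actions also require a role=admin tag on the subject.
allow if {
	input.action in write_actions
	same_department
	["role", "admin"] in subject_tags
}
```

Pasting this into the Rego Playground with the sample input from the comment evaluates `allow` to `true`; changing the action to `delete` yields `false` until a `role`/`admin` tag is added to the subject.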

To find out more about ABAC and how it compares with Role-Based Access Control (RBAC), please refer to our Blogs.


ABAC Policy Object Attributes

| Name | Type | Description |
| --- | --- | --- |
| id | String | The unique identifier for ABACPolicy |
| policy | String | The ABACPolicy string - rego policy contents |
| tags | Array of Tag | Object Tag |
| meta | Object Meta | Object's meta data, read only |


