Increased efficiency
Reduced management difficulty
Users are benefiting
What is RBAC
Role-based access control (RBAC), which refers to the authorization of privileges to users through their roles (Role), enables more flexible access control and is simpler, more efficient, and more scalable than granting privileges directly to users.
RBAC Application Scenarios
For example, the user system has Admin, Maintainer, Operator three roles, these three roles have different permissions . For example, only Admin has the permission to create code repository, delete code repository, the other roles do not have.
What is ABAC
Attribute-Based Access Control (ABAC) is a very flexible authorization model. Unlike RBAC, ABAC uses various attributes to dynamically determine whether an operation can be allowed.
ABAC Application Scenario
Authorize editing privileges for Editor A for a specific book.
Granting a user access to a document when the document belongs to the same department as the user's department.
Prohibit people from department A from accessing system B until 9:00 a.m.
Prohibit access to System A as an administrator in places other than Shanghai.
Overall, you can granularly authorize the circumstances under which a resource has a particular permission.
Authing's Model
In Authing's permission system, we implement the RBAC model of role permission inheritance through two kinds of objects: user and role, and on top of that, we can dynamically and granularly authorize around attributes, thus realizing the ABAC permission model.
At the same time, in order to meet the design requirements of complex organizational structures in large systems, we combine resources, roles, and permissions into a unified permission grouping, which is convenient for developers to manage.

Choose ABAC if the following conditions are met.

You are in a large organization with many users.
You need in-depth, specific access control functionality.
You have time to invest in a remote model.
You need to ensure privacy and security compliance.
Let's talk
However, consider RBAC if the following conditions are met.
You are in a small to medium-sized business.
You have an extensive access control policy.
You have few external users and your organizational roles are clearly defined.
Let's talk

Try Authing for free

Experience of 3 use cases, Up to 8,000 MAU
Add company WeChat
400 888 2106