We are getting ready to release Attribute Based Access Control (ABAC). This article provides an overview of some of the upcoming Admin UI changes that you will see once ABAC has been released.
But, first of all, what is ABAC?
Attribute based access control is an authorization model that evaluates attributes to determine access. Attributes can be about the subject (the user or entity requesting access), the object (the resource or file the subject wants to access) or even the environment (the broader context including characteristics such as time of day or IP address). ABAC policies work alongside RBAC (Role Based Access Control) and Divisions to provide additional access control granularity. These policies are essentially boolean logic statements where a condition is evaluated to a true or false result. Each policy targets a specific group of API calls (known as a 'target') and applies to a specific subset of users (known as the 'subjects').
ABAC will evolve over time as more attributes and targets are defined. The initial ABAC release focuses on restricting permission changes and will deliver the following use cases:
- Cannot grant new roles - Prevent non-admin users from granting roles they do not themselves have
- Cannot update certain user profile fields - Prevent defined user profile fields from being modified except by supervisors or admins
ABAC UI Overview
There is a new Organization Setting that controls ABAC enforcement. Enable this setting to create and edit policies. Each ABAC policy also has an individual on/off setting.
#Roadmap/NewFeatures
#Security
------------------------------
David Murray
Principal Product Manager
Genesys Cloud
------------------------------
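A sketch of the policy model described in the post (a target, a set of subjects, a boolean condition, an organization-wide switch and a per-policy switch), applied to the two initial use cases. This is an added example, not Genesys Cloud code or its policy schema; the operation names, role names, attribute keys, protected field names and the fail-closed handling of missing attributes are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    api_call: str   # hypothetical operation name, not a real API route
    subject: dict   # attributes of the caller
    obj: dict       # attributes of the resource or requested change
    env: dict       # context such as time of day or IP (unused by these policies)

@dataclass(frozen=True)
class Policy:
    name: str
    enabled: bool                          # per-policy on/off switch
    target: frozenset                      # API calls the policy covers
    subjects: Callable[[dict], bool]       # which callers it applies to
    condition: Callable[[Request], bool]   # True means the call may proceed

def is_admin(s):
    return "admin" in s.get("roles", ())

def is_privileged(s):
    return bool({"admin", "supervisor"} & set(s.get("roles", ())))

PROTECTED_FIELDS = {"department", "manager"}   # constructed sample values

POLICIES = [
    Policy("cannot-grant-new-roles", True, frozenset({"grant_roles"}),
           subjects=lambda s: not is_admin(s),
           condition=lambda r: set(r.obj["roles_to_grant"]) <= set(r.subject["roles"])),
    Policy("protected-profile-fields", True, frozenset({"update_profile"}),
           subjects=lambda s: not is_privileged(s),
           condition=lambda r: not (set(r.obj["fields"]) & PROTECTED_FIELDS)),
]

def evaluate(req, policies=POLICIES, org_enforcement=True, rbac_allows=True):
    """Return (allowed, reason). ABAC only narrows what RBAC already permits."""
    if not rbac_allows:
        return False, "rbac"
    if not org_enforcement:
        return True, "abac-disabled"
    for p in policies:
        if not (p.enabled and req.api_call in p.target and p.subjects(req.subject)):
            continue
        try:
            ok = p.condition(req)
        except (KeyError, TypeError):
            ok = False   # assumption: a missing attribute denies (fail closed)
        if not ok:
            return False, p.name
    return True, "allowed"
```
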