What is Access control?
Access control enables an organization’s administrators to control or restrict access to an organization’s resources, APIs and systems to ensure that access is provided to the right users at the right time. It is based on roles, attributes, on the administrator’s discretion, or if mandatory access is required.
This can be further illustrated as:
- Role-based access control (RBAC)
- Attribute-based access Control (ABAC)
- Scope based access control for OAuth applications and resources
Fine-grained access control is enabled by XACML (extensible Access Control Markup Language). It is a commonly known industry standard and an XML-based language that helps to express and enforce policies on access control.