There are many ways that you can control access to your property. You have a lot of variables to consider. For example, how do you make sure that people have access to the places that they’re supposed to? And how do you do this while adjusting their permissions if necessary? To support your tenants, you might choose between two different access control models. The two models you’ll see compared most often are role-based access control (RBAC) vs. attribute-access control (ABAC).
In this post, we explain how two of the most popular access control models work: role-based access control and attribute-based access control. Then, we go over ABAC vs. RBAC pros and cons and help you decide which one you should pick for your property.
This post covers:
- What are access control models?
- What is role-based access control?
- What is attribute-based access control?
- RBAC vs ABAC: which one should you choose?
What are access control models?
Access control models are frameworks that indicate how different types of access control systems operate.
When managing an access control system, you’ll likely run into certain challenges. For instance, you might want to secure one area of a building so only certain people can access it. One example when this might be necessary is when you want to prevent residents from accessing staff offices or storage rooms.
Alternatively, you might need to change one person’s access permissions. For instance, say a resident has just signed up for a new amenity, like a gym or a coworking space. You’ll need to make sure they can enter that space safely and conveniently.
In the past, property staff had no choice but to manually hand out and track sets of keys. These days, however, the prominence of electronic access control methods like cards and fobs gives managers more options.
But even with these innovations, you still need an effective way to track everybody’s current access permissions. Additionally, you need a way to change access permissions if needed.
To address this, providers have developed several different access models. Through these methods, you can categorize people based on the level of access they need. You can do this based on a person’s role or attributes. And you’ll do this by choosing an RBAC vs. ABAC access control model.
Watch how ButterflyMX works:
What is role-based access control?
Role-based access control (RBAC) systems allow you to create different user classifications, or roles, that you can assign to different people on your property. Then, you can set each role to have access to separate parts of the property.
For example, maybe you want to manage access to a storage closet. You might want to give your staff the ability to enter and retrieve supplies while making that area off-limits to residents. With a role-based access control system, you’d create a “staff” role and a “resident” role. Then, you’d assign different access permissions to each. You’d be able to create and assign every role necessary to keep your property running.
In an RBAC system, role management is a flexible and powerful tool. You could create an “IT worker” class with special access to the server rooms, or a “maintenance worker” class with sole access to maintenance closets or other restricted areas.
What is attribute-based access control?
Attribute-based access control (ABAC) determines if people have access based on characteristics, rather than their job or title.
At first, attribute-based access control might sound similar to RBAC. The difference between them is small but crucial. The primary difference between ABAC and RBAC is that you create roles, while people already have attributes.
Once a role is set, the only changes you can make to a role-based system involve switching a person between different roles. On the other hand, a person’s attributes can change due to any number of factors.
Some examples of attributes include:
- Location
- IP address
- Type of device
- Time a person is accessing the system
- Security clearance
In short, ABAC is a more flexible, user-intuitive access control model.
RBAC vs. ABAC example
To illustrate the difference between RBAC and ABAC, let’s explore how both models react to the same scenario.
Let’s say you’re a commercial property manager, and an employee you manage access for just got a promotion. And with that promotion comes access to more areas of the building.
In a role-based access control system, it’d be your job to manually reassign this person into a “manager” role with greater access permissions.
However, in an attribute-based access system, this process looks different. Under an ABAC system, as soon as the company’s software registered this new manager’s promotion, their attribution would automatically update from “worker” to “manager.” As a result, they’d be able to access these new areas without any manual reassignments.
RBAC vs. ABAC: Which one should you choose?
While ABAC systems are more hands-off, they’re also more expensive to install and maintain. This is because they need to store and keep track of people’s attributes in real time.
You should choose between an RBAC vs. an ABAC system depending on the type of tenant you’re looking after and your budget.
ABAC systems are typically found in commercial buildings that rent to companies with dozens or even hundreds of workers. These systems make the most sense for large companies with many different positions. In this case, manually reassigning their positions might be too time-consuming and counterproductive.
On the other hand, RBAC systems work well in buildings where everybody’s role is already determined and is unlikely to change. For example, if you manage a residential property, residents will stay residents, and staff will stay staff. So, you don’t need the more intensive capabilities of an attribute-based system.
Is ABAC better than RBAC?
When comparing RBAC vs. ABAC, it’s easy to assume one is better than the other. However, the access control model that’s better for you may not be better for another property.
So, when choosing between ABAC and RBAC, you should consider:
- Your budget
- The type of tenants you rent to
- The structure of roles at your property
Takeaways
- Two of the most popular access control models are role-based access control and attribute-based access control — or RBAC vs. ABAC models.
- In a role-based access control system, the administrator defines roles — like residents, staff, or maintenance workers — and assigns individuals to each role based on which parts of the property they need to access.
- Attribute-based access control is based on real-time monitoring of a person’s attributes and grants access based on those factors.
- The question of attribute-based access control vs. role-based access control depends on the needs of your tenants and the size of your property.
- Curious how you can compare RBAC vs. ABAC? As a rule of thumb, attribute-based access control is better for larger buildings and corporations that have constantly changing structures. Role-based access control is better for residential buildings where everybody’s role is already determined.