- There are four types of access control models: RBAC, ABAC, DAC, and MAC.
- Role-based access control (RBAC) systems allow you to create different user classifications, or roles, that you can assign to different people on your property.
- Attribute-based access control (ABAC) determines if people have access based on characteristics rather than their jobs or titles.
- RBAC and ABAC access control models help solve a number of access control management challenges — including changing access permissions.
- Looking at the cost and type of building can help you decide between RBAC vs. ABAC.
There are many variables to consider when it comes to access control to your building – namely, access control models. As such, the two models you’ll see discussed often are role-based access control (RBAC) and attribute-based access control (ABAC).
The biggest difference between RBAC vs. ABAC is in the way each of them grants access to your building. So, in this post, we explain how two of the most popular access control models work and which is better.
This post covers:
- What are the four types of access control models?
- What is role-based access control?
- What is attribute-based access control?
- Why do we need RBAC and ABAC access control models?
- Which is better: RBAC vs ABAC?
What are the four types of access control models?
There are four types of access control models, including RBAC and ABAC:
- MAC. Mandatory access control (MAC) restricts access control to only one administrator and serves as the securest option for high-security buildings.
- DAC. Discretionary access control (DAC) allows for multiple administrators to control access to a building. It’s considered the least restrictive but also the most confusing under certain circumstances.
- RBAC. Role-based access control (RBAC) makes it easy for property managers and owners to revoke and grant access to tenants.
- ABAC. Attribute-based access control (ABAC) can also be called “policy-based access control.” If a tenant fails to meet the attributes needed, they are denied access.
Watch how ButterflyMX works:
What is role-based access control?
Role-based access control (RBAC) systems allow you to create different user classifications or roles that you can assign to different people on your property. Then, you can set each role to have access to separate parts of the property.
For example, maybe you want to manage access to a storage closet.
Here are the steps you’d take to set role-based permissions:
- Create roles. With RBAC, you can create a “staff” role and a “resident” role.
- Assign. After that, you’d assign different access permissions to each.
- Repeat. Once you’ve accomplished the above steps, you can create and assign every role necessary to keep your property running.
In an RBAC system, role management is a flexible and powerful tool. You can create an “IT worker” class with special access to the server rooms or a “maintenance worker” class with sole access to maintenance closets or other restricted areas.
What is attribute-based access control?
Attribute-based access control (ABAC) determines if people have access based on characteristics rather than a job or title. In short, ABAC is a more flexible, user-intuitive access control model.
At first, attribute-based access control might sound similar to RBAC. The difference between these two designs is small but crucial. Above, we pointed out that, with RBAC, you create roles for each user.
However, with ABAC, access permissions are granted based on attributes such as characteristics and action types.
Some examples of attributes include:
- IP address
- Type of device
- Time a person is accessing the system
- Security clearance
Role-based access control vs. attribute-based access control
To illustrate the difference between RBAC and ABAC, let’s explore how both models react to the same scenario.
Let’s say you’re a commercial property manager, and an employee you manage access for just got a promotion. With that promotion comes access to more areas of the building.
Here’s what the process looks like under the two different access control models:
- Role-based access control system. With RBAC, it would be your job to manually reassign this person into a “manager” role with greater access permissions.
- Attribute-based access system. Under an ABAC system, as soon as the company’s software registers the promotion, their attribution will automatically update from “worker” to “manager.” As a result, they’ll be able to access these new areas without any manual reassignments.
Why do we need RBAC and ABAC access control models?
RBAC and ABAC access control models help solve a number of access control management challenges — including changing access permissions.
See, access control models are frameworks that indicate how different types of access control systems operate. When managing an access control system, you’ll likely run into certain challenges that either RBAC or ABAC can solve.
For instance, you might want to secure one area of a building so only certain people can access it. One example when this might be necessary is when you want to prevent residents from accessing staff offices or storage rooms.
Alternatively, you might need to change one person’s access permissions. For instance, say a resident has just signed up for a new amenity, like a gym or a coworking space. You’ll need to make sure they can enter that space safely and conveniently.
In the past, property staff had no choice but to manually hand out and track sets of keys. These days, however, the prominence of electronic access control methods like cards and fobs gives managers more options.
Which is better: RBAC vs ABAC?
The conversations surrounding role-based access control vs. attribute-based access control have many variables. Looking at the cost and type of building can help you decide which is better for you.
While ABAC systems are more hands-off, they’re also more expensive to install and maintain. This is because they need to store and keep track of people’s attributes in real-time.
Furthermore, ABAC systems are typically found in commercial buildings that rent to companies with dozens or even hundreds of workers. These systems make the most sense for large companies with many different positions.
On the other hand, RBAC systems work well in buildings where everybody’s role is clearly defined and unlikely to change. For example, if you manage a residential property, residents and staff will stay in their respective positions.
Is ABAC better than RBAC?
When comparing RBAC vs. ABAC, it’s easy to assume one is better than the other. However, the access control model that’s better for you may not be better for another property.
So, when choosing between ABAC and RBAC, you should consider:
- Your budget
- The type of tenants you rent to
- The structure of roles at your property