About: Relationship-based access control

An Entity of Type: Thing, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

In computer systems security, Relationship-based access control (ReBAC) defines an authorization paradigm where a subject's permission to access a resource is defined by the presence of relationships between those subjects and resources. ReBAC gained popularity with the rise of social network web applications, where users need to control their personal information based on their relationship with the data receiver rather than the receiver’s role. ReBAC systems are deny-by-default, and allow building RBAC systems on top of them.

Property	Value
dbo:abstract	In computer systems security, Relationship-based access control (ReBAC) defines an authorization paradigm where a subject's permission to access a resource is defined by the presence of relationships between those subjects and resources. In general, authorization in ReBAC is performed by traversing the directed graph of relationships. The nodes and edges of this graph are very similar to triples in the Resource Description Framework (RDF) data format. ReBAC systems allow hierarchies of relationships, and some allow more complex definitions that include algebraic operators on relationships such as union, intersection, and difference. ReBAC gained popularity with the rise of social network web applications, where users need to control their personal information based on their relationship with the data receiver rather than the receiver’s role. In contrast to role-based access control (RBAC), which defines roles that carry a specific set of privileges associated with them and to which subjects are assigned, ReBAC (like ABAC), allows defining more fine-grained permissions. For example, if a ReBAC system defines resources of type document, which can allow one action editor, if the system contains the relationship ('alice', 'editor', 'document:budget'), then subject Alice can edit the specific resource document:budget. The downside of ReBAC is that, while it allows more fine-grained access, this means that the application may need to perform more authorization checks. ReBAC systems are deny-by-default, and allow building RBAC systems on top of them. (en)
dbo:wikiPageExternalLink	https://authzed.com/spicedb/ https://openfga.dev/docs/authorization-and-openfga https://www.osohq.com/academy/relationship-based-access-control-rebac https://medium.com/building-carta/authz-cartas-highly-scalable-permissions-system-782a7f2c840f
dbo:wikiPageID	71054606 (xsd:integer)
dbo:wikiPageLength	4687 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1122187736 (xsd:integer)
dbo:wikiPageWikiLink	dbr:Resource_Description_Framework dbr:Google dbc:Computing dbr:Directed_graph dbr:Attribute-based_access_control dbr:Authorization dbr:RBAC dbr:Role-based_access_control
dbp:wikiPageUsesTemplate	dbt:Reflist dbt:Short_description
dcterms:subject	dbc:Computing
rdfs:comment	In computer systems security, Relationship-based access control (ReBAC) defines an authorization paradigm where a subject's permission to access a resource is defined by the presence of relationships between those subjects and resources. ReBAC gained popularity with the rise of social network web applications, where users need to control their personal information based on their relationship with the data receiver rather than the receiver’s role. ReBAC systems are deny-by-default, and allow building RBAC systems on top of them. (en)
rdfs:label	Relationship-based access control (en)
prov:wasDerivedFrom	wikipedia-en:Relationship-based_access_control?oldid=1122187736&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:Relationship-based_access_control
is foaf:primaryTopic of	wikipedia-en:Relationship-based_access_control