OpenIAM Access Manager manages Groups, Roles, Permissions and Resources. Groups are generally used to model organizational structure where as Roles are used to model a person’s function with in the enterprise.
In RBAC, a subject is given one or more roles depending on the subject’s job. Access is determined by the subject’s role. In ABAC, access is determined by the attributes of the subject, attributes of the resource being accessed, environmental attributes and the desired action attribute. ABAC is implemented based on the XACML specification.
Developing an access control strategy based on Role Based Access Control provides a clean and flexible model that is easier to maintain over a long period of time.
Polices may be associated with a person’s role. For example, someone in a Bank Teller role may be permitted to access applications pertinent to his or her role, but not permitted to access applications related to someone in a Loan Officer role.