A Hybrid Attribute Based Access Control Model Applied to Data in a Hybrid Cloud Environment

Attribute Based Access Control (ABAC) has become more broadly adopted by enterprises around the world to provide more dynamic controls to accessing data than Role Based Access Control (RBAC). The challenge is that RBAC is still widely used inside enterprises and ABAC has several limitations reducing its benefits and slowing adoption. Most data access management systems adopted across enterprises today use an access methodology known as Role Based Access Control (RBAC). In RBAC, a user requests access to data or a resource, an approver with knowledge of the users and the resource evaluates the request, and, if approved, the user (subject) is then added to a predefined role that has a set of permissions granted against the resource. Approvers must understand the roles and their intended purpose to grant users access to those roles properly. Contextual information not used when making an access decision. If the access to data is subdivided into subgroups such as by geo, division, specific columns and/or rows of data, then many roles must be created.