Attribute-Based Access Control (ABAC)

Attribute-based access control is an authorization model that grants or denies access based on a combination of attributes — properties of the requesting agent, the resource being accessed, the action being taken, and the environmental context. ABAC is more expressive than role-based access control and can encode complex governance rules such as 'agents may access PII only if the requesting user has given explicit consent and the task is classified as low risk'.