ReBAC

Creator: Seonglae Cho
Created: 2025 Sep 30 22:08
Edited: 2025 Oct 16 10:04

Relationship-Based Access Control

ReBAC is a structure in which permissions propagate through references between objects. Instead of assigning roles to users and resources as in Role Based Access Control, ReBAC treats a role as an edge (a relation) in a graph, and edges can be chained.
Chaining is what makes ReBAC useful for deeply nested groups such as Org → Dept → Team → User. The same mechanism covers nested folder hierarchies: sharing a folder grants access that permission checks can resolve for files deep inside it.
The disadvantage of chainability is that even a simple mistake in the rules (for example, a cycle in the relation graph) can make traversal continue indefinitely, which can bring down the authorization service that every request depends on.

Google Zanzibar

Unlike Discretionary Access Control or Role Based Access Control, ReBAC determines access rights from the network of relationships among users. The system maintains a social graph that is poly-relational (several relation types coexist) and directed. Access is evaluated through predicates of the form policy(owner, accessor, network), where the network is the relationship graph itself. The model introduces a policy language based on modal logic to express combinations of relationships and delegation of trust.

Policy Language

For a doctor to access a patient, there must be a relation in the relation set I stating "doctor is the GP of the patient". A policy predicate is not itself a relation; it is a function that takes the relation set as input and returns true or false. In other words, it answers the question "what kind of relationship exists between these two users in this network?".
where is a set of resources, is a set of users, and is a set of relation tuples. Since this is a subject-target directed graph, the order within each tuple matters. The distinction between subject and target is crucial; the original ReBAC paper does not make it. Multiple relation sets I can be used, one for each relation type.

Recursive Problem

This is the most challenging issue when deploying ReBAC in real systems: evaluating a chained relation is a graph traversal, and whenever the relation graph contains a cycle that traversal can fall into an infinite loop. The standard fix is memoisation: each already-visited (world, formula) pair is evaluated only once, so revisiting a node through a cycle terminates immediately instead of recursing again.
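The following is an added example, not code from this page or from Zanzibar itself: a small Python checker that stores relation tuples as a directed graph, chains them through usersets and rewrite rules (the Org → Dept → Team → User group nesting and the shared-folder case above), and implements the memoisation described here by expanding each (object, relation) goal at most once per check, so a cyclic tuple set terminates. The schema, object names and tuples are constructed for illustration and are not taken from any real deployment.

```python
"""Added example (not part of the original page): a Zanzibar-style ReBAC
checker with memoised traversal. Relation tuples are (object, relation,
subject) triples; a subject is either a user id or a Userset pointing back
into the graph, which is what makes relations chainable."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Userset:
    obj: str        # e.g. "team:platform"
    relation: str   # e.g. "member"


@dataclass(frozen=True)
class Rule:
    """Rewrite rule for one relation of one object type (constructed schema)."""
    implied_by: tuple[str, ...] = ()          # ("editor",): editors are also viewers
    via: tuple[tuple[str, str], ...] = ()     # ("parent", "viewer"): viewer of parent is viewer here


SCHEMA = {
    "folder": {"viewer": Rule(implied_by=("editor",), via=(("parent", "viewer"),))},
    "file":   {"viewer": Rule(implied_by=("editor",), via=(("parent", "viewer"),))},
}

# Constructed sample tuples: (object, relation, subject).
TUPLES = [
    ("org:acme",         "member", Userset("dept:eng", "member")),
    ("dept:eng",         "member", Userset("team:platform", "member")),
    ("team:platform",    "member", "user:alice"),
    ("folder:shared",    "viewer", Userset("org:acme", "member")),  # shared with the whole org
    ("folder:finance",   "parent", "folder:shared"),
    ("folder:q3",        "parent", "folder:finance"),
    ("file:report.xlsx", "parent", "folder:q3"),
    ("file:report.xlsx", "editor", "user:carol"),
    # Misconfiguration: two folders listed as each other's parent.
    ("folder:loop-a",    "parent", "folder:loop-b"),
    ("folder:loop-b",    "parent", "folder:loop-a"),
]


class Checker:
    def __init__(self, schema, tuples):
        self.schema = schema
        self.index = defaultdict(set)           # (object, relation) -> set of subjects
        for obj, rel, subj in tuples:
            self.index[(obj, rel)].add(subj)

    def check(self, obj, relation, user, memoize=True, budget=500):
        """True iff `user` holds `relation` on `obj`.

        The user is fixed for the whole check, so an (obj, relation) goal is the
        (world, formula) pair from the text. With memoize=True each goal is
        expanded at most once; a goal seen again (through a cycle or a second
        path) is answered False, which is safe because a True result would
        already have short-circuited the search. With memoize=False only the
        step budget stops a cyclic graph, and the check raises instead."""
        state = {"visited": set(), "steps": 0}

        def expand(o, r):
            state["steps"] += 1
            if state["steps"] > budget:
                raise RuntimeError(f"step budget exhausted while checking {o}#{r}")
            if memoize:
                if (o, r) in state["visited"]:
                    return False
                state["visited"].add((o, r))
            subjects = self.index.get((o, r), set())
            if user in subjects:                                   # direct tuple
                return True
            if any(isinstance(s, Userset) and expand(s.obj, s.relation) for s in subjects):
                return True                                        # follow group membership
            rule = self.schema.get(o.split(":", 1)[0], {}).get(r, Rule())
            if any(expand(o, implied) for implied in rule.implied_by):
                return True                                        # e.g. editor implies viewer
            for tupleset_rel, target_rel in rule.via:              # e.g. viewer of parent folder
                for target in self.index.get((o, tupleset_rel), set()):
                    if isinstance(target, str) and expand(target, target_rel):
                        return True
            return False

        return expand(obj, relation)


CHECKER = Checker(SCHEMA, TUPLES)


def naive_loops_forever(checker, obj, relation, user) -> bool:
    """True if the unmemoised traversal exhausts its budget on this goal."""
    try:
        checker.check(obj, relation, user, memoize=False)
        return False
    except RuntimeError:
        return True


if __name__ == "__main__":
    print("alice views report:", CHECKER.check("file:report.xlsx", "viewer", "user:alice"))
    print("carol views report:", CHECKER.check("file:report.xlsx", "viewer", "user:carol"))
    print("bob views report:  ", CHECKER.check("file:report.xlsx", "viewer", "user:bob"))
    print("bob views loop-a (memoised):", CHECKER.check("folder:loop-a", "viewer", "user:bob"))
    print("naive check on loop-a loops:", naive_loops_forever(CHECKER, "folder:loop-a", "viewer", "user:bob"))
```

Alice reaches file:report.xlsx through four hops (file → folder:q3 → folder:finance → folder:shared → org → dept → team), which is the chaining the text describes. On the cyclic folder pair the memoised check returns False after visiting each goal once, while the unmemoised variant would recurse until the step budget (kept here as a second line of defence) raises. In a production checker the visited set should be per request, not global, because the answer depends on which user is being checked.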

Later work adds explicit context-aware policies, whereas the original model only considers the context tree:

  • Fong & Sia (2012) Relationship-Based Access Control with Delegation
  • Crampton (2014) A Reference Monitor for ReBAC
  • Hu et al. (2015) Contextual ReBAC