'''Graph-based access control''' ('''GBAC''') is a [[declarative programming|declarative]] way to define [[access control|access rights]], task assignments, recipients and content in [[information systemssystem]]s. The accessAccess rights are granted to objects like files or documents, but also business objects likesuch as an account. ItGBAC can also be used for the assignment of agents to tasks in workflow environments. Organizations are modeled as a specific kind of semantic graph comprising the organizational units, the roles and functions as well as the human and automatic agents (i.a. persons, machines). ComparedThe tomain difference with other approaches likesuch as [[role-based access control]] or [[attribute-based access control]], the main difference is that in GBAC access rights are defined using an organizational query language instead of total enumeration.
