Graph-based access control: Difference between revisions

Graph-based access control is a rather new technique for granting users of information systems access rights to data objects like files or documents but also business objects like an account. It can also be used for the assignment of tasks in workflow environments. Organizations are modeled as a specific kind of semantic graph comprising the organizational structure, the roles and functions as well as the agents. Compared to other approaches like [[RBAC]] or [[Attribute-based_access_control|ABAC]] the main difference is that in GBAC access rights are defined using an organization query language instead of total enumeration.