'''Graph-based access control''' (GBAC) is a relatively new technique for granting users of information systems access rights to objects such as files or documents, as well as to business objects such as an account. It can also be used to assign tasks in workflow environments. Organizations are modeled as a specific kind of semantic graph comprising the organizational units, the roles and functions, and the human and automatic agents (among others, persons and machines). The main difference from other approaches such as [[role-based access control]] or [[attribute-based access control]] is that in GBAC access rights are defined using an organizational query language instead of total enumeration.
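
The following Python example is added here and is not taken from the article or from any GBAC implementation; the unit, function and agent names, the `(function, unit)` query form and the `POLICY` table are assumptions made for illustration. It shows an access right defined as a query over the organization graph rather than as an enumerated list of users, so an agent newly placed in the graph gains access without any change to the policy.

```python
# Added illustration: a hypothetical query evaluator over a constructed
# organization graph. It is not the query language of a real GBAC product.

class OrgGraph:
    def __init__(self):
        self.part_of = {}    # sub-unit -> parent unit (None for the root)
        self.holds = set()   # (agent, function, unit) edges

    def add_unit(self, unit, parent=None):
        self.part_of[unit] = parent

    def assign(self, agent, function, unit):
        # Reject unknown units so a typo cannot create a dangling grant.
        if unit not in self.part_of:
            raise KeyError(f"unknown unit: {unit}")
        self.holds.add((agent, function, unit))

    def within(self, unit, ancestor):
        # Walk up part_of edges; the seen set stops a mis-modelled cycle.
        seen = set()
        while unit is not None and unit not in seen:
            if unit == ancestor:
                return True
            seen.add(unit)
            unit = self.part_of.get(unit)
        return False

    def resolve(self, function, unit):
        """Agents holding `function` in `unit` or in any unit below it."""
        return {a for (a, f, u) in self.holds
                if f == function and self.within(u, unit)}

# Policy maps an object to a query; no user names are enumerated here.
POLICY = {"claim_file": ("clerk", "claims")}

def may_access(graph, agent, obj):
    query = POLICY.get(obj)
    # Default deny: an object without a query is accessible to nobody.
    return query is not None and agent in graph.resolve(*query)

def build_sample():
    g = OrgGraph()                      # constructed sample organization
    g.add_unit("insurer")
    g.add_unit("claims", parent="insurer")
    g.add_unit("car_claims", parent="claims")
    g.add_unit("sales", parent="insurer")
    g.assign("alice", "clerk", "claims")
    g.assign("bob", "clerk", "car_claims")
    g.assign("carol", "clerk", "sales")
    g.assign("scanner-01", "clerk", "car_claims")  # automatic agent
    return g
```
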