Graph-based access control: Difference between revisions

'''Graph-based access control''' (GBAC) is a [[declarative]] way to define [[access control|access rights]], task assignments, recipients and content in information systems. The access rights are granted to objects like files or documents, but also business objects like an account. It can also be used for the assignment of agents to tasks in workflow environments. Organizations are modeled as a specific kind of semantic graph comprising the organizational units, the roles and functions as well as the human and automatic agents (i.a. persons, machines). Compared to other approaches like [[role-based access control]] or [[attribute-based access control]], the main difference is that in GBAC access rights are defined using an organizational query language instead of total enumeration.