RBAC vs. ABAC: why the combination works best

Mike Fraanje


In discussions about Identity & Access Management, two terms always come up sooner or later: RBAC and ABAC. They are often presented as competing models, as if organisations have to choose between simplicity and flexibility, between predictability and precision. The reality is different. What organisations really need is an IAM solution that simply works. A solution that automatically regulates access according to policy, without complicated settings or technical choices.

RBAC and ABAC are powerful concepts, but in many IAM systems they are made unnecessarily technical. As a result, they lose their value. Employees and security teams can't see the wood for the trees, while the goal is actually very simple: the right access at the right time, automatically.

Joinly proves it can be done. No choice between RBAC or ABAC, no complex configurations, but a flexible and innovative model that combines both. IAM without hassle. No-nonsense IAM.


What RBAC and ABAC actually mean

Although the terms are often perceived as technical, they are basically very logical.

RBAC

Role-Based Access Control grants rights based on role or function. It is clear and stable. Roles such as HR employee, finance controller, team leader or marketer determine what access someone gets. RBAC works fantastically for fixed structures, departments, and functions.

ABAC

Attribute-Based Access Control looks at characteristics or circumstances. Think of location, type of contract, project assignment, business unit, team or security level. ABAC makes access much more dynamic and suitable for organisations with externals, temporary employees or rapidly changing teams.

RBAC gives structure. ABAC gives nuance.
Together they provide control and flexibility.


Why most organisations need both

The reality is that organisations are never completely static. Roles change, teams grow, projects come and go, external employees join and leave. RBAC alone can be too coarse. ABAC alone can become too granular and confusing.

That's why modern organisations perform best with a hybrid IAM model. RBAC provides the foundation and ABAC complements where more detail is needed. For example:

  • A marketer works at two locations and gets extra rights based on location (RBAC + ABAC).

  • An external consultant works on a specific project and only gets access as long as the project runs (ABAC).

  • A team leader gets standard access to management reports, but only to HR data if he leads a specific group (RBAC + ABAC).

This is not a technical luxury. It is simply how organisations work.
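The three cases above, written as a default-deny access check. This is an added example, not Joinly's code or configuration; the role names, permission strings, attribute keys and dates are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# RBAC layer: role -> baseline permissions (all names are constructed samples).
ROLE_PERMISSIONS = {
    "marketer": {"cms:edit"},
    "team_leader": {"management-reports:read"},
    "external_consultant": set(),  # no standing access from the role alone
}

# ABAC layer: (permission, required role or None, condition on attributes + context).
ATTRIBUTE_RULES = [
    ("local-campaigns:edit", "marketer",
     lambda a, c: c["location"] in a["locations"]),
    ("project-x:read", None,
     lambda a, c: a["project"] == "project-x"
     and a["project_start"] <= c["today"] <= a["project_end"]),
    ("hr-data:read", "team_leader",
     lambda a, c: c["group"] in a["leads_groups"]),
]

@dataclass
class Subject:
    roles: set
    attrs: dict = field(default_factory=dict)

def is_allowed(subject, permission, context):
    """Default deny: allow if a role grants it, or an attribute rule matches."""
    if any(permission in ROLE_PERMISSIONS.get(r, set()) for r in subject.roles):
        return True
    for perm, role, condition in ATTRIBUTE_RULES:
        if perm != permission or (role is not None and role not in subject.roles):
            continue
        try:
            if condition(subject.attrs, context):
                return True
        except (KeyError, TypeError):
            continue  # missing or malformed attribute: rule does not match
    return False

# Constructed subjects mirroring the three cases in the list above.
MARKETER = Subject({"marketer"}, {"locations": {"amsterdam", "rotterdam"}})
CONSULTANT = Subject({"external_consultant"}, {
    "project": "project-x",
    "project_start": date(2025, 1, 1), "project_end": date(2025, 6, 30)})
TEAM_LEAD = Subject({"team_leader"}, {"leads_groups": {"support"}})
```

A missing attribute or context value makes a rule fail to match rather than grant access, so incomplete identity data results in a denial.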


Where traditional IAM systems go wrong

Although RBAC and ABAC are logical, they are often complicated in traditional IAM solutions. Many systems force organisations to make a choice. They require extensive configurations, complex policy languages or numerous objects that have to be manually managed.

The result:

  • organisations opt for RBAC because ABAC is too complicated

  • or start with ABAC and get lost in attributes

  • or set everything up manually, meaning IAM never really takes off

IAM then becomes a technical project instead of a business process.

Joinly puts an end to this complexity.


Joinly makes IAM extremely flexible without becoming difficult

The power of Joinly lies in simplicity. The platform is built on the idea that IAM should be logical, regardless of how many applications, roles, characteristics, or external employees you have.

The main advantages:

1. RBAC and ABAC work seamlessly together
There is no either-or. You don't choose between roles or attributes. You combine them where it makes sense. Joinly automatically processes access based on both models, without the user having to be aware of the difference.

2. HR continues doing what HR does
HR registers employees as always. Joinly retrieves identity data and performs IAM functionality independently of the HR system. IAM thus becomes fully autonomous, but still fed with current and reliable data.

3. IAM rules become understandable and applicable
No scripts. No policy languages. No matrices. The complexity is removed from the interface. You set rules that are logical for everyone, not just IAM experts.

4. Grow without redesigning
Where traditional IAM solutions have to be restructured as the organisation changes, Joinly grows along naturally. Roles, attributes, teams and workflows adjust without the model breaking.

5. Fully automated provisioning
Whether someone gains access through a role, a characteristic or a combination of the two, Joinly processes it completely automatically. Start date, role change or end date: everything moves along and all access is adjusted in real time.

IAM thus becomes less of an administrative burden and more of a silent engine that always runs.


For organisations, this means peace, predictability and security

A flexible access model that is automatically enforced not only gives more control but also more confidence. Teams know access is correct. HR knows identity data is processed immediately. Security knows that rights are adjusted when circumstances change. Management knows audit pressure decreases.

IAM becomes a natural part of the organisation. Not a blocking factor, but a driver.

With Joinly, an environment is created in which:

  • access management always aligns with reality

  • employees never have too much or too little access

  • externals are automatically well-managed

  • audits are effortlessly completed

  • applications are consistently and safely connected

  • IAM becomes truly understandable and applicable

And above all: an environment where no one needs to discuss RBAC or ABAC anymore.


IAM doesn't need to feel technical

IAM is often made complicated by systems, not by the concept itself. RBAC and ABAC are tools to distribute access fairly and safely. But the real value only arises when these models are made applicable in a simple way.

That's where Joinly stands out. Its approach removes the complexity. It provides the innovation and flexibility that organisations need, without getting bogged down in terminology or configurations. IAM as it should be: no-nonsense.

