RBAC vs. ABAC: who gets the key to your digital home?

Marcel van Beek


Your business software contains sensitive data. Manually creating and managing accounts is time-consuming and increases the risk of errors. Joinly offers two powerful methods to control access: Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). Together, they ensure secure, automated access to applications like a financial cloud solution.

The key metaphor

Imagine you manage a large office building.

  • RBAC is like issuing keys per function: everyone in the cleaning team has the same key that allows access to all floors designated for “Cleaning”.

  • ABAC is more like a smart access card: the card checks live whether you currently have access rights. Is someone assigned solely to Project X, and is it outside working hours? The card decides on the spot whether the door will open.

RBAC: Roles as a basis

RBAC works with predefined roles. You determine, for example, that an employee in the role of Finance-User can only view reports, while a Finance-Admin can also change settings.

  • New employees automatically receive the correct rights as soon as they are added to the Finance group.

  • Roles are easy to understand and manage, even in larger organizations.

ABAC: Attributes drive access

ABAC makes this dynamic. Access is determined by attributes of the user or of the context. Consider:

  • Department or project code: only those listed as “Finance” in the HR system gain access.

  • Location or time: logging in is allowed only during office hours or from trusted networks.

With ABAC, access remains current without anyone needing to make manual changes.

The power of combination

In practice, our users often achieve the best results with a mixture of both:

  1. RBAC for basic rights – who is allowed to use what functionality.

  2. ABAC for extra granular control – for example, that an external auditor can only access files from a specific project and only during the audit period.

This creates a flexible and secure access model that adapts to organizational changes and HR data.
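The layered model described above, as an added example that is not Joinly's or Microsoft Entra's code: a deny-by-default decision function that applies the RBAC gate first and then the ABAC checks from the article (department, trusted network, office hours, auditor project and audit period). The `External-Auditor` role name, the action strings, the network range, the office-hours window and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, time
from ipaddress import ip_address, ip_network

# RBAC layer. Finance-* roles are the article's; the rest are assumed names.
ROLE_ACTIONS = {
    "Finance-User": {"report:view"},
    "Finance-Admin": {"report:view", "settings:change"},
    "External-Auditor": {"file:read"},
}
TRUSTED_NETS = [ip_network("10.20.0.0/16")]   # constructed sample range
OFFICE_HOURS = (time(8, 0), time(18, 0))      # assumed window, local time

@dataclass(frozen=True)
class Subject:                     # attributes as they would arrive from HR data
    roles: frozenset
    department: str
    project: str = ""              # empty means no project assigned
    audit_start: date = date.max   # default window is empty: never in period
    audit_end: date = date.min

@dataclass(frozen=True)
class Request:
    action: str
    project: str
    when: datetime
    source_ip: str

def decide(s: Subject, r: Request):
    """Return (allowed, reason); RBAC gate first, then ABAC, deny by default."""
    granting = [role for role in s.roles if r.action in ROLE_ACTIONS.get(role, ())]
    if not granting:
        return False, "rbac: no role grants this action"
    try:
        trusted = any(ip_address(r.source_ip) in net for net in TRUSTED_NETS)
    except ValueError:
        trusted = False            # an unparseable address is never trusted
    if not trusted:
        return False, "abac: untrusted network"
    if not OFFICE_HOURS[0] <= r.when.time() < OFFICE_HOURS[1]:
        return False, "abac: outside office hours"
    if granting == ["External-Auditor"]:   # auditor-only grant: scope it
        if not s.project or r.project != s.project:
            return False, "abac: outside assigned project"
        if not s.audit_start <= r.when.date() <= s.audit_end:
            return False, "abac: outside audit period"
    elif s.department != "Finance":
        return False, "abac: department attribute mismatch"
    return True, "allow"
```

Returning the reason alongside the decision lets each denial be logged with the layer that caused it, which makes it easier to tell a missing role assignment from a stale HR attribute.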

Conclusion: RBAC and ABAC

RBAC gives every employee the right key; ABAC adds a smart badge that checks live whether the door can really open. By combining both in the Joinly Identity and Access Management platform (based on Entra), your application landscape receives a secure, future-proof access management system that meets the demands of modern organizations.

As soon as a new employee is in your HR system, Joinly sets the whole process in motion:

  • The user is created in Microsoft Entra ID

  • The correct roles are assigned based on the information known about your employees

  • Licenses for Microsoft 365, Teams, SharePoint, and other applications are activated immediately

Browsing is free

Schedule a no-obligation demo

In 30 minutes, we would love to show you how Joinly adds value for the entire organization.
