Relationship-Based Access Control (ReBAC) is an authorization model that grants or denies access based on the relationships between users, resources, and organizations. It matters because many real access decisions depend on ownership, membership, sharing, and delegated relationships.
What is Relationship-Based Access Control (ReBAC)?
ReBAC evaluates how subjects and objects are connected, such as whether a user owns a document, belongs to a team, manages a project, or is delegated specific access. It is especially useful in collaborative systems where relationships matter more than fixed roles alone.
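The evaluation described above, as an added example that is not part of the original page: a minimal relationship-graph check in which access is granted only if a path of relationships connects the user to the resource. The tuple format, the entity names, and the `IMPLIED_BY` and `INHERITED` rules are assumptions constructed for illustration.

```python
from collections import deque

# Constructed relationship tuples: (object, relation, subject).
# A subject is a user ("user:alice") or a userset ("team:eng#member"),
# meaning "everyone who holds that relation on that object".
TUPLES = {
    ("doc:roadmap", "owner", "user:alice"),
    ("doc:roadmap", "viewer", "team:eng#member"),
    ("team:eng", "member", "user:bob"),
    ("team:eng", "member", "team:platform#member"),  # nested team
    ("team:platform", "member", "user:carol"),
    ("project:apollo", "manager", "user:dave"),
    ("doc:roadmap", "parent", "project:apollo"),
    ("doc:roadmap", "editor", "user:erin"),  # delegated access
}

# Hypothetical rule: relations implied by a stronger relation on the same object.
IMPLIED_BY = {"viewer": ["editor", "owner"], "editor": ["owner"]}
# Hypothetical rule: relation -> (link relation, relation required on the linked object).
INHERITED = {"editor": [("parent", "manager")]}


def check(user, relation, obj, tuples=TUPLES):
    """Return True if `user` holds `relation` on `obj` via any relationship path."""
    queue, seen = deque([(obj, relation)]), set()
    while queue:
        node = queue.popleft()
        if node in seen:          # guard against cycles in the graph
            continue
        seen.add(node)
        o, r = node
        for (t_obj, t_rel, t_subj) in tuples:
            if t_obj != o or t_rel != r:
                continue
            if t_subj == user:
                return True
            if "#" in t_subj:     # userset: expand group membership
                s_obj, s_rel = t_subj.split("#", 1)
                queue.append((s_obj, s_rel))
        for stronger in IMPLIED_BY.get(r, []):
            queue.append((o, stronger))
        for link, target_rel in INHERITED.get(r, []):
            for (t_obj, t_rel, t_subj) in tuples:
                if t_obj == o and t_rel == link:
                    queue.append((t_subj, target_rel))
    return False                  # default deny: no path found
```

Here `check("user:carol", "viewer", "doc:roadmap")` succeeds only through nested team membership, while `check("user:bob", "editor", "doc:roadmap")` is denied because no relationship path grants it.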
What Relationship-Based Access Control (ReBAC) Commonly Supports
Common uses include shared documents, B2B collaboration, delegated administration, team-based platforms, and complex resource-sharing models.
Relationship-Based Access Control (ReBAC) vs. ABAC
ABAC bases decisions on attributes and policy conditions in general. ReBAC focuses more specifically on graph-like relationships between entities.
Frequently Asked Questions
Why is ReBAC useful?
Because it models real sharing and ownership patterns more naturally in collaborative systems.
Does ReBAC replace RBAC entirely?
Not necessarily. Many systems use roles, attributes, and relationships together.
Related Cybersecurity Terms
- Attribute-Based Access Control (ABAC)
- Fine-Grained Authorization
- Delegated Administration
- Tenant Isolation