One of the great benefits of Attribute Based Access Control (ABAC) is that it can be as coarse or fine-grained as you need it to be. You start with two attributes: role and data, and you have Role Based Access Control (RBAC). But from there, it gets much more interesting, as you can add as few or as many attributes as necessary to your authorization policy in order to control who can access what. Attributes such as time of day, location of user, device being used, etc. The context of each attribute is then taken into consideration at the time of request before access is granted or denied.