Even for senior software developers, wading into the world of IAM (Identity & Access Management) and access control can be daunting. Making your way through the acronyms is a chore in and of itself — RBAC, ABAC, PBAC, XACML, SAML, etc. Then, you must wrap your head around the complexities of roles, permissions, attributes and so on.
But, at its core, a policy-based access control model (also referred to as Attribute Based Access Control or “ABAC”) is a concept any developer can understand. The phrase “access control” refers to application mechanisms that govern what each user can (or can’t) see and do. And a “policy” is a principle, rule, or guideline formulated or adopted by an organization.