ABAC is a model of authorization that facilitates context-aware, dynamic, and risk-intelligent access control. It helps achieve effective regulatory compliance, secure cloud infrastructure, reduced time-to-market for new applications, and a top-down approach to governance through policy enforcement accountability.
SAP and ABAC
Attribute-Based Access Control (ABAC) uses attributes, expressed in a standardized language, as the building blocks that define access control rules and describe access requests. Attributes are collections of labels or properties that can be used to identify all entities that need to be considered for authorization purposes. Each attribute comprises a key-value pair, for example, “Role=Sales Executive.”
SAP Dynamic Authorization Management uses ABAC functionality to provide secure access to company data in SAP applications. The software uses real-time contextual information from several sources to assess each user’s entitlements. When deciding whether to allow access, it draws on information about the user’s account profile, the history of previous authorization requests, and the person’s device. It also checks the status of the particular enterprise data that the user wants to access and the operation that the person needs to perform: reading, writing, printing, or exchanging information. It further takes into account specific considerations, including the geographical location and nationality of the user. The program also lets you set up specific actions to run each time a request for access is approved, to meet the requirements of your enterprise data access control policies.
XACML: The Standard
Attribute-based access control (ABAC) is generally implemented via XACML, which has become the default standard in the enterprise software market. The XACML policy language is as expressive as a natural language. The essential elements of the XACML architecture are a Policy Administration Point (PAP), a Policy Enforcement Point (PEP), a Policy Decision Point (PDP), and a Policy Information Point (PIP). The primary advantage of separating these areas is the ability to adapt authorization policies quickly and to reduce ongoing system maintenance.
Access Controls Based on Policy
Evaluating attributes allows for efficient policy-based authorization. Attributes are often retrieved from the various information systems within the infrastructure, so a single rule can combine the data status of several systems to answer an authorization request. Authorization therefore makes it possible to implement workflows that incorporate IT support from various IT systems, something that is close to impossible with conventional models of access control.
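The PEP, PDP and PIP roles and the multi-system attribute lookup described above, shown as an added Python example (not SAP's code and not a real XACML engine). The attribute names, the sample data, the policy and the simplified deny-overrides combining are assumptions made for illustration.

```python
# Constructed attribute sources standing in for separate back-end systems.
HR = {"alice": {"role": "Sales Executive"}, "bob": {"role": "Engineer"}}
DEVICES = {"laptop-17": {"managed": True}, "phone-99": {"managed": False}}
DOCS = {"quote-1": {"status": "released"}, "quote-2": {"status": "draft"}}

# Hypothetical policy: each rule is (effect, {attribute: set of matching values}).
POLICY = [
    ("Deny",   {"device.managed": {False}, "action": {"print", "write"}}),
    ("Permit", {"subject.role": {"Sales Executive"},
                "resource.status": {"released"},
                "action": {"read", "print"}}),
]

def pip_resolve(request):
    """PIP: gather subject, device and resource attributes from their systems."""
    attrs = {"action": request["action"]}
    lookups = (("subject", HR, request["user"]),
               ("device", DEVICES, request["device"]),
               ("resource", DOCS, request["resource"]))
    for prefix, source, key in lookups:
        for name, value in source.get(key, {}).items():
            attrs[f"{prefix}.{name}"] = value
    return attrs

def pdp_decide(attrs, policy=POLICY):
    """PDP: evaluate every rule; a matching Deny overrides any Permit."""
    decision = "NotApplicable"
    for effect, condition in policy:
        if any(name not in attrs for name in condition):
            return "Indeterminate"   # a required attribute could not be resolved
        if all(attrs[name] in allowed for name, allowed in condition.items()):
            if effect == "Deny":
                return "Deny"
            decision = "Permit"
    return decision

def pep_enforce(request):
    """PEP: fail closed, only an explicit Permit lets the operation proceed."""
    return pdp_decide(pip_resolve(request)) == "Permit"

def make_request(user, device, resource, action):
    """Build the request a PEP would intercept (shape is an assumption)."""
    return {"user": user, "device": device, "resource": resource, "action": action}
```

Because the PEP treats NotApplicable and Indeterminate the same as Deny, a device missing from the inventory or a rule that matches nothing results in refusal rather than accidental access.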
SAP ABAC: Key Advantages
SAP ABAC provides you with dynamic, attribute-based access control (ABAC) to promote collaboration while improving compliance and the protection of enterprise data.
SAP Dynamic Authorization Management lets you:
- Forge secure collaboration across business verticals
- Develop clear access control policies across enterprise-wide SAP applications
- Improve information security through enforcement of data sharing and access policies
- Meet compliance obligations effectively and simplify compliance-related reporting
SAP ABAC also helps you secure ERP data without losing efficiency. It:
- Allows preventive policies to be applied before data is transmitted during transaction execution
- Features clear policies which business owners can easily administer
- Supports roll-out of new access control policies across the entire user base instantaneously
As part of its granular access control, it:
- Applies contextual information from different sources in real-time
- Draws information from user account profiles
- Examines the status of the specific data item that a user needs to access
SAP ABAC makes access management less complex:
- Automatically incorporates the business rules and policies for the governance of continuous access
- Applies the rules of access control and system-level authorization policies from a single, standard console
- Delivers an intuitive graphical interface for policy administration
SAP ABAC helps you meet your mandatory compliance obligations. It:
- Provides features for meeting data protection and non-disclosure requirements
- Enables the establishment of compliant and consistent data segregation rules
- Audits the usage of sensitive data
Despite all the features mentioned above, there is still scope for a data breach, as the recent spike in the number of phishing attacks across organizations has demonstrated. Therefore, it is pertinent for enterprises to invest in additional data security platforms that deliver robust data protection.