Attribute-based access control (ABAC), also known as policy-based access control for IAM, defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.


Authentication is the act of proving an assertion, such as the identity of a computer system user. It tells who you are.


Authorization is the function of specifying access rights/privileges to resources. It tells what you can do.

Cerbos Engine / Server

Also known as the Cerbos Policy Decision Point (PDP), this is the heart of Cerbos: a central piece of software that processes all the requests. It is built for modern, containerised microservice environments with support for both x86-64 and ARM64 architectures, comprehensive observability integrations (metrics, distributed tracing), REST and gRPC endpoints, and native GitOps support (CI tooling, push-to-deploy).


Policy is a deliberate system of guidelines to guide decisions and achieve rational outcomes. A policy is a statement of intent and is implemented as a procedure or protocol.


The principal is the entity which is being authorised to perform an action. It can be a person/user, a service or any other identity.


The resource is the entity that the principal is requesting access to. Resources are typically the main objects that the policy is being applied to.


The action is what the principal is requesting access to. It is a verb that describes the type of access being requested.


A playground, playpark, or play area is a place designed to provide an environment for developers that makes it easy to play with and test a specific technology.


A Software Development Kit (SDK) is a collection of software development tools in one installable package. SDKs facilitate the creation of applications by having a compiler and debugger within a software framework.


Role-based access control (RBAC) is a policy-neutral access-control mechanism defined around roles and privileges. The components of RBAC, such as role-permission, user-role and role-role relationships, make it simple to perform user assignments.


Relationship-based access control (ReBAC) is a feature that allows admins to set up a system of delegated administration with which users can self-manage their relationships to digital assets.


YAML (Yet Another Markup Language) is a human-readable data-serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted.