Anand Nayak Rao Kotti

A Hybrid Access Control Model: RBAC+ABAC

Access control decisions for business are no longer about permission to allow and deny. When roles were introduced way back in the '90s, there was nothing like the Internet of Things or the technology advancements we see in today's world. In the '90s, businesses operated in silos and there was minimal collaboration. Now, in 2015, in a globalized world, if you are still sticking to the role-based model, it is about time you rethink.

An access control decision is made based on multiple factors.

[Image: /wp-content/uploads/2015/07/1_741988.png]

How can you apply the above contextual information to make access control decisions JUST by using a role-based model?

This is a typical question that I pose to most of our prospective customers. The answers I hear back from them most often are: #1 Customization, #2 More Roles... More... More & More Roles.

[Image: /wp-content/uploads/2015/07/4_742010.png]

Solution:

With SAP Dynamic Authorization Management (SAP DAM), the new product offering from SAP GRC, customers can now choose among customization, more and more roles, or SAP DAM.

The SAP DAM access control model is a hybrid of RBAC+ABAC.

  • RBAC stands for role-based access control
  • ABAC stands for attribute-based access control

In an RBAC model, the PRIMARY roles defined allow or deny users at the transaction code level. In an ABAC model, we take the subject, the environment, the resource and the action performed as attributes to make access control decisions at the org level.

A combination of RBAC+ABAC becomes a very powerful access control tool for security administrators, because the business can now make fine-grained, dynamic, attribute-based access control decisions without any customization or adding more and more roles. This is how the hybrid model works:

[Image: /wp-content/uploads/2015/07/3_742011.png]
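The two-stage decision described above, as an added example (not SAP DAM code or configuration, and not from the original post): a role check at transaction code level, followed by attribute rules over subject, action, resource and environment. The role name, attribute names, limits and network labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample: role names, attribute names and values are assumptions
# for illustration, not SAP DAM configuration.
ROLE_TCODES = {"AP_CLERK": {"FB60", "FB03"}}  # one role, no per-org variants

@dataclass(frozen=True)
class Request:
    subject: dict      # who: roles, company_codes, posting_limit
    action: str        # what: "display" or "post"
    resource: dict     # on what: tcode, company_code, amount
    environment: dict  # in what context: network

def rbac_allows(req):
    """Coarse gate: some role of the subject must include the transaction code."""
    tcode = req.resource.get("tcode")
    return any(tcode in ROLE_TCODES.get(r, ()) for r in req.subject.get("roles", ()))

# Each ABAC rule returns a denial reason, or None when it is satisfied.
# Missing attributes fail closed.
def same_org(req):
    if req.resource.get("company_code") not in req.subject.get("company_codes", ()):
        return "resource is outside the subject's company codes"

def post_from_corporate_network(req):
    if req.action == "post" and req.environment.get("network") != "corporate":
        return "posting requires the corporate network"

def post_within_limit(req):
    amount = req.resource.get("amount", float("inf"))
    if req.action == "post" and amount > req.subject.get("posting_limit", 0):
        return "amount exceeds the subject's posting limit"

ABAC_RULES = (same_org, post_from_corporate_network, post_within_limit)

def decide(req):
    """Deny unless RBAC grants the tcode and every ABAC rule passes."""
    if not rbac_allows(req):
        return "deny", "no assigned role grants this transaction code"
    for rule in ABAC_RULES:
        reason = rule(req)
        if reason:
            return "deny", reason
    return "permit", "role and attributes satisfied"

clerk = {"roles": ["AP_CLERK"], "company_codes": {"1000"}, "posting_limit": 5000}
invoice = {"tcode": "FB60", "company_code": "1000", "amount": 1200}
if __name__ == "__main__":
    print(decide(Request(clerk, "post", invoice, {"network": "corporate"})))
    print(decide(Request(clerk, "post", invoice, {"network": "vpn-guest"})))
```

Adding a company code or changing a posting limit here changes a subject attribute, not the role catalogue, which is the alternative to creating one role per org unit.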

With the SAP DAM offering, SAP GRC gave a new dimension to streamline how we have traditionally been making access control decisions.

Anand Kotti


      3 Comments
      Former Member

      Hi Anand,

      Your generosity in sharing knowledge is highly appreciated. Could you say if there is any link giving an example of ABAC/Hybrid Access?

      Regards

      Plaban

      Anand Nayak Rao Kotti
      Blog Post Author

      Hello Plaban,


      Thank you for your interest. To know more about SAP Dynamic Authorization Management (SAP DAM), please refer to the link below for the solution brief.


      http://www.sap.com/pc/analytics/governance-risk-compliance/software/access-control-authorization-mgmt/index.html

      If you are interested in a technical deep dive, I encourage you to contact

      Bill.Doss at NextLabs dot com

      Thank You

      Anand Kotti

      Anand Nayak Rao Kotti
      Blog Post Author

      Hello Plaban,

      Did you get the product information you are looking for?

      Anand Kotti