EIRP Proceedings, Vol 15, No 1 (2020)

Comparative Study of Access Control Methods in Enterprise Information Systems, Based on RBAC, ABAC, and TBAC policies

Marcel Danilescu


Controlling access to a company’s IT systems is a way to ensure that users are the ones who say they are and have proper access to company data and documents. At a high level, controlling access to a company’s data and applications is a selective restriction on access to data. It consists of two main components: authentication and authorization. Authentication is used to confirm that someone is the claimant, and this is not enough for themselves to ensure data protection. Authorization is additional levels which determines which user should be allowed access to data or perform an action (operation / transaction). For their implementation, several authentication and authorization methods have been created, of which, within this study, we approach, Role Based Access Control (RBAC), Attribute-based access control (ABAC) and Trust-based access control (TBAC). This study makes a comparative analysis on the principles underlying RBAC (Role Based Access Control), ABAC (Attribute-based access control) and TBAC (Trust-based access control) and the ways of application and collaboration between them.


Full Text: PDF



  • There are currently no refbacks.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.