In this blog post, we show you how to implement ReBAC using Verified Permissions and Amazon Neptune, a managed, serverless graph database on AWS.
Externalized authorization for custom applications is a security approach where access control decisions are managed outside of the application logic.
Two common access control models that you might consider when implementing your authorization system are role-based access control (RBAC) and attribute-based access control (ABAC).
Relationship-based access control (ReBAC) offers a more nuanced approach by using the relationships between users and resources to decide which actions are permitted, handling such scenarios more efficiently than RBAC or ABAC alone.
The core principle of ReBAC is that authorization decisions are based on the relationships between the principal requesting access and the resource being accessed.
Common relationship models in ReBAC include resource ownership, resource hierarchies, and user hierarchies.
Relationship data is stored in Neptune. Prior to requesting an authorization decision from Verified Permissions, the application runs a Neptune query that traverses the relationship graph to retrieve the set of principals that have a specific relationship with the resource.
Verified Permissions uses the Cedar policy language to define fine-grained permissions. ReBAC policies are a great fit when you want to grant access based on a relationship between the principal and the resource.
ReBAC policies can also be combined with ABAC policies to enable more intuitive expressions of business rules.
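The two-step flow above (traverse the relationship graph, then hand the result to Verified Permissions) as an added Python example, not code from the blog post or its repository: the edge list stands in for Neptune data, the Cedar policy is illustrative, and the request dictionary assumes the IsAuthorized parameter shape used by boto3.

```python
from collections import defaultdict, deque

# Constructed sample graph standing in for the data stored in Neptune
# (assumption: a plain edge list, not the repository's schema).
# Each edge is (source, relationship, target); nodes are (entityType, entityId).
EDGES = [
    (("User", "alice"), "memberOf", ("Group", "finance")),
    (("User", "bob"), "memberOf", ("Group", "finance")),
    (("Group", "finance"), "owns", ("Folder", "reports")),
    (("Folder", "reports"), "contains", ("Document", "q3.pdf")),
    (("User", "carol"), "owns", ("Document", "q3.pdf")),
]

# Illustrative Cedar policy: permit "view" when the principal is in the
# relationship set the application attaches to the resource.
CEDAR_POLICY = '''
permit(principal, action == Action::"view", resource)
when { resource.relatedPrincipals.contains(principal) };
'''

def related_principals(edges, resource):
    """Walk the graph backwards from the resource (ownership, group membership,
    folder hierarchy) and collect every User connected to it. This is the set a
    Neptune traversal would return; here it is a BFS over the in-memory edges."""
    incoming = defaultdict(list)
    for src, _rel, dst in edges:
        incoming[dst].append(src)
    seen, queue, users = {resource}, deque([resource]), set()
    while queue:
        for src in incoming[queue.popleft()]:
            if src not in seen:
                seen.add(src)
                queue.append(src)
                if src[0] == "User":
                    users.add(src)
    return users

def build_request(policy_store_id, principal, action, resource, principals):
    """Build an IsAuthorized request (assumed boto3 parameter shape); the
    traversal result becomes a set-valued attribute on the resource entity."""
    def ident(e):
        return {"entityType": e[0], "entityId": e[1]}
    return {
        "policyStoreId": policy_store_id,
        "principal": ident(principal),
        "action": {"actionType": "Action", "actionId": action},
        "resource": ident(resource),
        "entities": {"entityList": [{
            "identifier": ident(resource),
            "attributes": {"relatedPrincipals": {"set": [
                {"entityIdentifier": ident(p)} for p in sorted(principals)]}},
        }]},
    }
```

Note that the policy only sees what the application passes in the entity list, so the traversal's relationship types and depth bound the access decision; keep that query under the same review as the policy itself.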
To learn more about this solution and the source code, visit the GitHub repository. For more information, see Cedar Policies, Amazon Verified Permissions, and Amazon Neptune.