CybeDefend uses a dual approach to access control:
  1. RBAC (Role-Based Access Control) assigns predefined roles, such as Admin or Viewer, to users within specific teams or projects.
  2. ReBAC (Relationship-Based Access Control) extends this model by considering relationships—like membership in multiple organizations or teams, each with unique roles.
[Figure: RBAC & ReBAC Management]
ReBAC goes beyond basic role checks by examining the user’s relationship with an entity, allowing more flexible and fine-grained access rules.

What is ReBAC?

Relationship-Based Access Control (ReBAC) defines permissions based on the relationship between a user and an entity (e.g., “Alice is an Admin in Team1,” or “Bob is a Viewer in OrgA”). This approach is ideal for complex organizations that require nuanced distinctions between user roles and multiple groups or teams.

Key Advantages of ReBAC

  • Granular Permissions: Distinguish between different teams, projects, or business units with dynamic relationships.
  • Scalable Model: As new users, teams, or roles are added, ReBAC easily adapts without significant refactoring.
  • Flexible Hierarchies: Handle nested relationships (e.g., sub-teams) without needing to define every possible role combination in advance.

Open-Source ReBAC: react-rebac

CybeDefend has also developed an open-source library called react-rebac to simplify relationship-based access control in React applications. This library:
  • Manages user relationships with multiple entities (e.g., organizations, teams).
  • Conditionally renders content based on user roles or relationships.
  • Supports single-entity mode and multi-entity mode (checking if the user has access to any of several entities).
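
The single-entity and multi-entity checks described above, together with nested sub-team relationships, can be sketched in plain JavaScript. This is an added example, not code from react-rebac or CybeDefend: every name in it (`relationships`, `parentOf`, `roleRank`, `hasAccess`, `hasAccessToAny`) is hypothetical, the sample data is constructed, and it assumes that a role granted on a parent entity is inherited by its sub-entities and that Admin implies Viewer.

```javascript
// Added illustration of a ReBAC check. NOT the react-rebac API; all names are hypothetical.

// Constructed sample data: (user, role, entity) relationship tuples.
const relationships = [
  { user: "alice", role: "Admin", entity: "team:Team1" },
  { user: "bob", role: "Viewer", entity: "org:OrgA" },
];

// Constructed hierarchy: child entity -> parent entity (sub-team -> team -> org).
// Maps are used instead of plain objects so that keys such as "constructor"
// never resolve to inherited Object properties.
const parentOf = new Map([
  ["team:Team1a", "team:Team1"],
  ["team:Team1", "org:OrgA"],
]);

// Assumed role ordering: a higher rank satisfies a lower requirement.
const roleRank = new Map([["Viewer", 1], ["Admin", 2]]);

// Single-entity mode: does `user` hold at least `requiredRole` on `entity`,
// either directly or through a relationship with an ancestor entity?
function hasAccess(user, requiredRole, entity) {
  const needed = roleRank.get(requiredRole);
  if (needed === undefined) return false; // unknown role: deny by default
  const seen = new Set(); // stops the walk if the hierarchy contains a cycle
  for (let e = entity; e !== undefined && !seen.has(e); e = parentOf.get(e)) {
    seen.add(e);
    const granted = relationships.some(
      (r) => r.user === user && r.entity === e && roleRank.get(r.role) >= needed
    );
    if (granted) return true;
  }
  return false; // no matching relationship anywhere on the path: deny
}

// Multi-entity mode: access to ANY of the listed entities is sufficient.
// An empty list yields false, so "no entities to check" never grants access.
function hasAccessToAny(user, requiredRole, entities) {
  return entities.some((e) => hasAccess(user, requiredRole, e));
}
```

Inheritance runs only from parent to child here: Alice's Admin role on Team1 covers the sub-team Team1a but gives her nothing on OrgA. In a React application a check like this only hides UI; the same relationship check has to be enforced server-side on every request.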