Advanced Access Control with ReBAC
Learn how CybeDefend leverages Role-Based and Relationship-Based Access Control to provide granular security within your organization.
CybeDefend uses a dual approach to access control:
- RBAC (Role-Based Access Control) assigns predefined roles, such as Admin or Viewer, to users within specific teams or projects.
- ReBAC (Relationship-Based Access Control) extends this model by considering relationships—like membership in multiple organizations or teams, each with unique roles.
ReBAC goes beyond basic role checks by examining the user’s relationship with an entity, allowing more flexible and fine-grained access rules.
What is ReBAC?
Relationship-Based Access Control (ReBAC) defines permissions based on the relationship between a user and an entity (e.g., “Alice is an Admin in Team1,” or “Bob is a Viewer in OrgA”). This approach is ideal for complex organizations that require nuanced distinctions between user roles and multiple groups or teams.
Key Advantages of ReBAC
- Granular Permissions: Distinguish between different teams, projects, or business units with dynamic relationships.
- Scalable Model: As new users, teams, or roles are added, ReBAC easily adapts without significant refactoring.
- Flexible Hierarchies: Handle nested relationships (e.g., sub-teams) without needing to define every possible role combination in advance.
Open-Source ReBAC: react-rebac
CybeDefend has also developed an open-source library called react-rebac to simplify relationship-based access control in React applications. This library:
- Manages user relationships with multiple entities (e.g., organizations, teams).
- Conditionally renders content based on user roles or relationships.
- Supports single-entity mode and multi-entity mode (checking if the user has access to any of several entities).
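The relationship model described above (user, role, entity), with nested sub-teams and the single-entity and multi-entity checks, can be sketched in plain JavaScript. This is an added example, not code from react-rebac or CybeDefend: the function names, the sample data, the Admin-over-Viewer ordering and the rule that a role on a parent entity applies to its sub-teams are all assumptions made for illustration.

```javascript
// Added illustration in plain JavaScript; this is not react-rebac's API.
// Assumptions: Admin implies Viewer; a role on a parent applies to its children.
const ROLE_RANK = new Map([["Viewer", 1], ["Admin", 2]]);

// Constructed sample data: (user, role, entity) relationship tuples.
const RELATIONSHIPS = [
  { user: "alice", role: "Admin", entity: "Team1" },
  { user: "bob", role: "Viewer", entity: "OrgA" },
];

// Constructed hierarchy: child entity -> parent entity (sub-team nesting).
const PARENT = new Map([
  ["Team1", "OrgA"],
  ["Team1-Sub", "Team1"],
  ["Team2", "OrgB"],
]);

// The entity plus every ancestor; the includes() guard stops on a cyclic hierarchy.
function ancestry(entity) {
  const chain = [];
  for (let e = entity; e !== undefined && !chain.includes(e); e = PARENT.get(e)) {
    chain.push(e);
  }
  return chain;
}

// Single-entity mode: deny unless a stored relationship on the entity or one
// of its ancestors carries a role ranked at least as high as minRole.
function hasAccess(user, minRole, entity) {
  const needed = ROLE_RANK.get(minRole);
  if (needed === undefined) return false; // unknown role name: deny
  const scope = ancestry(entity);
  return RELATIONSHIPS.some(
    (r) =>
      r.user === user &&
      scope.includes(r.entity) &&
      (ROLE_RANK.get(r.role) ?? 0) >= needed
  );
}

// Multi-entity mode: a qualifying relationship with any listed entity suffices.
function hasAccessToAny(user, minRole, entities) {
  return entities.some((e) => hasAccess(user, minRole, e));
}
```

A check like this running in the browser only decides what is rendered; the server must evaluate the same relationships before returning data or performing an action.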