ServiceChanger
  • SERVICECHANGER V3
    • Introduction
  • GETTING STARTED
    • How to get started?
    • Learn the basics
    • Attribute Hierarchy: A Simple Guide
  • FEATURES
    • Automated Group Assignment
    • Attribute-Based Access Control
    • Intelligent Group Recommendations
    • Primary Collaboration Groups
    • Data Cleaner
    • Self-Service Portal
  • GENERAL
    • Microsoft Entra ID
    • Roles and App Settings
    • API Documentation
      • Example: Membership Runbook
    • Frequently Asked Questions (FAQ)
    • Roadmap
  • Support & Need Help?
  • Changelog - What's New?
Powered by GitBook
On this page
  • Structure
  • Highest Level: Departments
  • Middle Level: Locations
  • Granular Level: Job Titles
  • Why This Order?
  1. GETTING STARTED

Attribute Hierarchy: A Simple Guide

Focusing on Department, Location, and Job Title

PreviousLearn the basicsNextAutomated Group Assignment

Last updated 2 months ago

In , access is determined by key attributes rather than fixed roles. This ensures flexibility, scalability, and precision in managing permissions.

To build a clean and maintainable ABAC model, we organize attributes into three levels:

  • Highest Level: Departments

  • Middle Level: Locations

  • Granular Level: Job Titles

Structure

Highest Level: Departments

Access is grouped based on functional teams like Sales, HR, or IT.

Starting with departments ensures that users within the same function have access to shared tools and data. This approach:

  • Simplifies management by setting broad permissions first.

  • Covers most access needs at an organizational level.

Middle Level: Locations

Access is refined based on where people work.

Once department-based access is set, location-based adjustments help fine-tune permissions. This is useful for:

  • Addressing regional compliance requirements.

  • Providing access to location-specific tools or resources.

Granular Level: Job Titles

Access is fine-tuned based on a person’s specific function.

Job titles ensure precise access control by determining:

  • Which additional permissions are needed for a specific role.

  • What should be restricted to maintain security.

Why This Order?

This structured approach ensures: ✅ Broad access needs are covered first (Departments). ✅ Regional variations are handled efficiently (Locations). ✅ Fine-grained control is applied last (Job Titles).

By following this hierarchy, ABAC remains scalable, secure, and easy to manage, ensuring users receive only the access they need, nothing more, nothing less.

Attribute-Based Access Control (ABAC)