Traditionally, customers have used role-based access control (RBAC) to manage entitlements within their applications. Customers can address this role explosion by moving authorization logic out of the application code and implementing a policy-based access control (PBAC) model that augments RBAC with attribute-based access control (ABAC). In this blog post, we cover roles and entitlements, how they apply to application authorization decisions, how customers implement roles and authorization in their applications today, and how to shift to a centralized PBAC model by using Amazon Verified Permissions (https://aws.amazon.com/verified-permissions/).

The demo application uses Cognito groups to manage role assignment and Verified Permissions to implement entitlements for the roles.

This policy now expands on the granularity of access of the original RBAC policy without leading to numerous RBAC policies.
