Different companies or software providers have devised countless ways to control user access to functions or resources, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). In essence, whatever the type of access control model, three basic elements can be abstracted: user, system/application, and policy.

RBAC, or Role-Based Access Control, takes an approach whereby users are granted (or denied) access to resources based on their role in the organization.

Here’s an example Role in the “default” namespace in Kubernetes that can be used to grant read access to pods:

ABAC stands for Attribute-Based Access Control.

Kubernetes initially used ABAC for access control, configured via JSON Lines. For example, Alice can just read pods in namespace “foo”:

NGAC, or Next Generation Access Control, takes the approach of modeling access decision data as a graph.
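The RBAC Role and the ABAC policy line described above can be compared by running the same requests through both. This is an added example, not code from the original article or from Kubernetes: the evaluator is a simplified model of the matching rules, the manifests are constructed samples, and the RoleBinding and the user "jane" are assumptions.

```python
import json

READ_VERBS = {"get", "list", "watch"}

# Constructed sample: a Role granting read access to pods in "default",
# written as JSON (Kubernetes accepts JSON manifests as well as YAML).
ROLE = json.loads("""{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
  "metadata": {"namespace": "default", "name": "pod-reader"},
  "rules": [{"apiGroups": [""], "resources": ["pods"],
             "verbs": ["get", "watch", "list"]}]}""")

# Assumption: a RoleBinding for a hypothetical user "jane"; a Role grants
# nothing until it is bound to a subject.
BINDING = {"metadata": {"namespace": "default", "name": "read-pods"},
           "subjects": [{"kind": "User", "name": "jane"}],
           "roleRef": {"kind": "Role", "name": "pod-reader"}}

# Constructed sample: one line of an ABAC policy file (JSON Lines).
ABAC_POLICY = ('{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", '
               '"kind": "Policy", "spec": {"user": "alice", "namespace": "foo", '
               '"resource": "pods", "readonly": true}}\n')


def _in(allowed, value):
    return "*" in allowed or value in allowed


def rbac_allows(role, binding, user, verb, namespace, resource, api_group=""):
    """Allow only if the user is bound to the Role and some rule matches."""
    bound = (binding["roleRef"]["name"] == role["metadata"]["name"]
             and binding["metadata"]["namespace"] == namespace
             and any(s["kind"] == "User" and s["name"] == user
                     for s in binding["subjects"]))
    if not bound or role["metadata"]["namespace"] != namespace:
        return False  # default deny
    return any(_in(r["apiGroups"], api_group) and _in(r["resources"], resource)
               and _in(r["verbs"], verb) for r in role["rules"])


def abac_allows(policy_text, user, verb, namespace, resource, api_group=""):
    """Allow if any policy line matches every attribute of the request."""
    for line in filter(str.strip, policy_text.splitlines()):
        spec = json.loads(line)["spec"]
        wanted = {"user": user, "namespace": namespace,
                  "resource": resource, "apiGroup": api_group}
        if spec.get("readonly", False) and verb not in READ_VERBS:
            continue
        if all(spec.get(k, "") in ("*", v) for k, v in wanted.items()):
            return True
    return False  # no line matched: default deny
```

In the RBAC case the subject lives in a separate binding object, while the ABAC line carries the user, namespace and resource together as attributes of one policy.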