Chapter-7

Criteria	RBAC	ABAC
Model Type	Role-centric	Attribute-centric
Access Control	Static, based on predefined roles	Dynamic, based on multiple attributes
Complexity	Simpler to implement and manage	More complex, policy-driven
Flexibility	Limited contextual awareness	Highly flexible and context-aware
Scalability	Can lead to role explosion	Handles diverse scenarios better
Compliance Support	Strong SoD enforcement	Fine-grained control for compliance

¶ Authorization in SAP Identity Management: Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC)