How to implement relationship-based access control with Amazon Verified Permissions and Amazon Neptune
Security Blog
This article discusses how to implement relationship-based access control (ReBAC) using Amazon Verified Permissions and Amazon Neptune. ReBAC is an access control model where authorization decisions are based on the relationships between the principal requesting access and the resource being accessed.
Specifically, the article covers:
- What is ReBAC and its benefits over traditional access control models like RBAC and ABAC
- Common relationship models in ReBAC like resource ownership, resource hierarchies, and user hierarchies
- An example scenario for a video application implementing ReBAC
- Overview of the ReBAC application architecture using Verified Permissions and Neptune
- Data modeling and graph queries in Neptune to represent and traverse relationships
- Cedar policy design for ReBAC policies
- Structure of authorization requests to Verified Permissions with relationship data
- How to combine ReBAC policies with ABAC policies using Cedar
- Conclusion summarizing the implementation of ReBAC with Verified Permissions and Neptune