DOI: 10.14569/IJACSA.2026.0170211

Understanding Authentication and Authorization: A Comparative Analysis of Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC) Authorization Models

Author 1: Madhuri Margam

International Journal of Advanced Computer Science and Applications(IJACSA), Volume 17 Issue 2, 2026.

Abstract: This study elucidates the distinctions between authentication and authorization within information security, two fundamental yet frequently conflated concepts. While authentication serves to confirm an entity’s identity, authorization determines the permissible actions that entity may execute. A thorough understanding of these mechanisms is critical for architecting secure, scalable systems and reducing vulnerabilities. The study further explores three widely adopted authorization paradigms using a gymnasium analogy: Role-Based Access Control (RBAC), which assigns privileges based on predefined roles; Attribute-Based Access Control (ABAC), which leverages a dynamic evaluation of user and contextual attributes; and Relationship-Based Access Control (ReBAC), which determines access based on defined relationships among entities. The concluding discussion emphasizes that optimal security is realized when authentication and authorization function cohesively.

Keywords: Authentication; authorization; access control; Role-Based Access Control (RBAC); Attribute-Based Access Control (ABAC); Relationship-Based Access Control (ReBAC); information security; least privilege; Zero Trust

Madhuri Margam. “Understanding Authentication and Authorization: A Comparative Analysis of Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC) Authorization Models”. International Journal of Advanced Computer Science and Applications (IJACSA) 17.2 (2026). http://dx.doi.org/10.14569/IJACSA.2026.0170211

@article{Margam2026,
title = {Understanding Authentication and Authorization: A Comparative Analysis of Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC) Authorization Models},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2026.0170211},
url = {http://dx.doi.org/10.14569/IJACSA.2026.0170211},
year = {2026},
publisher = {The Science and Information Organization},
volume = {17},
number = {2},
author = {Madhuri Margam}
}


Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

IJACSA

Upcoming Conferences

Computer Vision Conference (CVC) 2026

21-22 May 2026

Computing Conference 2026

9-10 July 2026

Artificial Intelligence Conference 2026

3-4 September 2026

Future Technologies Conference (FTC) 2026

15-16 October 2026