Policies are reusable sets of access rules that can be attached to one or more roles or members. Skyflow uses Policy Based Access Control (PBAC), which lets you enforce dynamic, granular, real-time, condition-based policies that govern access to your vault.
NIST defines Policy Based Access Control (PBAC) as "A strategy for managing user access to one or more systems, where the business roles of users is combined with policies to determine what access privileges users of each role should have."
In the IAM industry, this type of model is also sometimes referred to as Role-centric Attribute Based Access Control (RABAC).
Here is a simplified representation of Skyflow’s PBAC model:
Vault Owners create a policy and author a set of granular rules for it. They then attach the policy to one or more roles, which grants that set of permissions to each role. Finally, they assign the role to members: Users (UI) or Service Accounts (API).
The benefit of this model is that you get the easy manageability of roles while preserving the granularity and dynamism of the ABAC model.
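To make the policy → role → member chain concrete, here is an added, illustrative PBAC evaluator written for this page. It is not Skyflow's code and does not use Skyflow's policy syntax: the rule fields (effect, actions, resource pattern, optional condition), the context-driven condition callables and the deny-overrides evaluation order are all assumptions chosen for the example. It shows how one policy attached to one role yields different decisions for the same member depending on the request context, which is the "dynamic, condition-based" property the text describes.

```python
"""Minimal policy-based access control (PBAC) evaluator.

Added illustration of the policy -> role -> member model described above.
This is NOT Skyflow's own code or policy syntax; the rule format, the
condition callables and the deny-overrides evaluation order are assumptions
chosen for this example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# A condition receives the request context (caller attributes, network, time, ...)
# and returns True when the rule applies. This is what makes the policy dynamic:
# the same role yields different decisions under different contexts.
Condition = Callable[[dict], bool]


@dataclass
class Rule:
    effect: str                             # "ALLOW" or "DENY"
    actions: List[str]                      # e.g. ["read", "write"]
    resource: str                           # exact match, or trailing "*" wildcard
    condition: Optional[Condition] = None   # None means the rule always applies

    def matches(self, action: str, resource: str, ctx: dict) -> bool:
        if action not in self.actions:
            return False
        if self.resource.endswith("*"):
            if not resource.startswith(self.resource[:-1]):
                return False
        elif resource != self.resource:
            return False
        return self.condition is None or self.condition(ctx)


@dataclass
class Policy:
    name: str
    rules: List[Rule] = field(default_factory=list)


@dataclass
class Role:
    name: str
    policies: List[Policy] = field(default_factory=list)


@dataclass
class Member:
    name: str
    roles: List[Role] = field(default_factory=list)


def is_allowed(member: Member, action: str, resource: str, ctx: dict) -> bool:
    """Deny-overrides evaluation: any matching DENY wins, otherwise any
    matching ALLOW grants, otherwise the default decision is deny."""
    allowed = False
    for role in member.roles:
        for policy in role.policies:
            for rule in policy.rules:
                if not rule.matches(action, resource, ctx):
                    continue
                if rule.effect == "DENY":
                    return False
                allowed = True
    return allowed


# Constructed sample data: one policy with granular rules, attached to one role,
# which is assigned to a UI user and to a service account (names are made up).
analyst_policy = Policy("card-analyst", rules=[
    Rule("ALLOW", ["read"], "vault/cards/*"),
    # Condition-based rule: exports are denied unless the caller is on the corp network.
    Rule("DENY", ["export"], "vault/cards/*",
         condition=lambda ctx: ctx.get("network") != "corp"),
    Rule("ALLOW", ["export"], "vault/cards/*"),
])
analyst_role = Role("analyst", policies=[analyst_policy])
alice = Member("alice@example.com", roles=[analyst_role])        # UI user
batch_job = Member("sa-nightly-export", roles=[analyst_role])    # service account
guest = Member("guest", roles=[])                                # no role assigned


def demo() -> Dict[str, bool]:
    """Evaluate a few requests; returned for inspection rather than only printed."""
    card = "vault/cards/4111"
    return {
        "alice read card": is_allowed(alice, "read", card, {"network": "home"}),
        "alice export from home": is_allowed(alice, "export", card, {"network": "home"}),
        "job export from corp": is_allowed(batch_job, "export", card, {"network": "corp"}),
        "guest read card": is_allowed(guest, "read", card, {"network": "corp"}),
        "alice write card": is_allowed(alice, "write", card, {"network": "corp"}),
    }


if __name__ == "__main__":
    for request, decision in demo().items():
        print(f"{request}: {'ALLOW' if decision else 'DENY'}")
```

Note the design choice: the policy is the unit that carries the rules, the role only aggregates policies, and the member only holds roles. Changing a rule in `analyst_policy` immediately changes the decision for every member of every role that policy is attached to, which is the manageability benefit the text refers to, while the context condition keeps the attribute-driven granularity.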