Enhance the dynamic nature of RBAC, security, as far as possible to weaken the role of permissions encapsulation generated by the role of granularity issues
There is always the problem of static role permissions. The overall permission system cannot affect role permissions
The ABAC attribute mechanism is used to improve the granularity and the orderliness of permissions. To enhance ABAC security by adding unique attribute values
ABAC makes the overall model more difficult to manage as the number of attributes increases. Second, the large number of permission units generated by many attributes is difficult to track
Use the characteristics of RBAC privilege encapsulation to manage many attributes in ABAC, thus reconciling the disadvantages of each
Many unordered attribute aggregation units can make the mixed access control model create the problem of role explosion. But, too little attribute aggregation units can create the problem of insufficient granularity of permissions in RBAC