Dynamic Attribute-Based Access Control: Precision Meets Security
Introduction to Fauna Security
Explore Fauna's robust security features in 5 minutes: From encryption and access controls to comprehensive data compliance, Fauna ensures your data remains secure at every level.
Increase Flexibility and Scalability
Unlike static RBAC systems, Fauna's dynamic ABAC incorporates three levels of evaluation -- data, identity, and query -- allowing for custom logic that adapts to real-time criteria. This model assesses data attributes, user statuses, and complex query dependencies, providing a responsive security solution that evolves with business needs.
By integrating identity and query-level evaluations, Fauna's ABAC ensures continuous adaptation to changing conditions and complex business processes, enhancing security without compromising flexibility or scalability.
Reduce Risk
Implement finely-tuned access controls that limit the impact of breaches. In instances where user credentials might be compromised, Fauna’s ABAC limits the blast radius and enforces the principle of least privilege, preventing malicious actors from moving laterally through the system. By enabling granular permissions based on the user’s real-time status and specific data attributes, Fauna ensures that any unauthorized access remains confined.
Decrease Infrastructure Costs
Fauna's ABAC reduces infrastructure spend by eliminating the additional security layers needed in RBAC systems, streamlining access control into a single, dynamic system that adapts to real-time changes.
Decrease Administrative Overhead
By allocating access decisions based on a rich set of attributes, Fauna's ABAC significantly reduces role explosion and the need for manual intervention in permission management. This not only speeds up administrative processes but also minimizes human errors.
Meanwhile, Fauna’s ABAC helps organizations meet complex compliance requirements more efficiently. By leveraging attributes such as location, department, time of access, and more, companies can ensure that their data access policies comply with regulations like GDPR and HIPAA.
Capabilities
Real-Time, Dynamic Policy Definition
Fauna’s ABAC goes beyond traditional static policies by enabling real-time, data-driven application of business logic to control access across three layers.
Data ABAC: Controls access at the document level, based on predefined permissions within the documents.
Identity ABAC: Manages access based on the user's identity.
Query ABAC: Confirms user access rights by correlating the identity with relevant data tables.
Dynamic Projection
Control not only who can access data but also customize the specific data that is returned, including its format. This means that responses can dynamically include operations like data masking or selective field retrieval, ensuring that users receive only the information they are authorized to see, tailored to the context of each query.
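The three evaluation layers and the projection step described above can be modelled in a few lines. This is an added conceptual example, not Fauna's API or code from the page; every function name, attribute, and record in it is hypothetical and constructed for illustration.

```python
# Conceptual model of layered ABAC with projection. Illustrative only:
# the names and data below are constructed and are not Fauna's API.

# Constructed sample data: a memberships table and two documents.
MEMBERSHIPS = {("u1", "team-a"), ("u2", "team-b")}
DOCS = [
    {"id": "d1", "team": "team-a", "region": "eu", "ssn": "123-45-6789"},
    {"id": "d2", "team": "team-b", "region": "us", "ssn": "987-65-4321"},
]

def identity_ok(ident):
    # Identity layer: attributes of the caller, checked on every request.
    return ident.get("status") == "active"

def data_ok(ident, doc):
    # Data layer: attributes stored on the document itself.
    return doc["region"] == ident.get("region")

def query_ok(ident, doc):
    # Query layer: correlate the identity with another table.
    return (ident.get("id"), doc["team"]) in MEMBERSHIPS

def project(ident, doc):
    # Dynamic projection: return a copy, masking what the caller may not see.
    out = dict(doc)
    if not ident.get("certified"):
        out["ssn"] = "***-**-" + doc["ssn"][-4:]
    return out

def read(ident, docs=DOCS):
    # Default deny: a document is returned only if every layer allows it.
    if not identity_ok(ident):
        return []
    return [project(ident, d) for d in docs
            if data_ok(ident, d) and query_ok(ident, d)]
```

Because `read` re-evaluates the caller's attributes on each call, changing `status` to anything other than `"active"` removes access immediately, with no role reassignment.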
Secure Data at its Source
Enforce access controls directly at the data source, ensuring that permissions are precisely defined and dynamically adjusted based on real-time conditions. This not only prevents unauthorized data access from the outset but also significantly reduces the potential for data breaches and leakage and reduces the need for additional middleware or bolt-on authorization infrastructure.
Function-Based Data API
Create a secure Data API by granting execution permissions exclusively to specific functions, and applying membership to tokens linked solely to roles with API privileges – all without any engineering operations. This approach ensures that users cannot access collections or documents directly, but must interact with the data strictly through controlled functions - dictating allowable activities based on who is accessing, when, where, and under what specific conditions.
Use Cases
Limit Blast Radius
By granularly defining who can access what data and under what conditions, businesses can significantly reduce the impact of any security breach, confining potential damage to the smallest possible area. This is crucial for businesses that prioritize safeguarding sensitive data and maintaining operational integrity, particularly in sectors like finance and healthcare.
Data Compliance & Residency
Dynamically enforce access based on specific compliance requirements and user attributes such as job role, department, or even specific user statuses like certifications or training levels. Leveraging features such as locality-based access controls and Region Groups, organizations can ensure that data is accessed and managed in compliance with local laws and regulations, such as GDPR or CCPA.
Principle of Least Privilege
The PoLP ensures that individuals and systems are granted the minimum levels of access necessary for their roles. In sectors where sensitive data must be protected against unauthorized access and breaches, Fauna's ABAC enables organizations to implement this principle effectively. By dynamically assigning and adjusting access based on real-time evaluation of user roles, tasks, and conditions, Fauna helps prevent data exposure and limits security risks.
Dynamic & Real Time Workloads
By enabling real-time access control adjustments based on user activity, data flow, and changing business conditions, Fauna ensures that data handling remains efficient and secure, even under fluctuating workloads. For dynamic and real-time workloads, Fauna's ABAC system provides a robust solution that adapts to the rapid pace and varying demands of industries like e-commerce and real-time analytics.
Architectural Overview
A distributed document-relational database delivered as a cloud API
“We needed a database that could support a distributed, multi-tenant architecture with robust ABAC and user controls. We looked at Dynamo and Mongo, but only Fauna delivered it all without extensive engineering.”
Arjun Bhatnagar
CEO @ Cloaked
Get started building with Fauna
Explore resources that can help get you up and running in minutes.
Multi-tenant SaaS Sample App
Learn how to build a multi-tenant, multi-region SaaS app without ops using Fauna and AWS
New to Fauna Query Language?
This guide can help you get started with FQL in under 10 minutes.
Workshops
Learn how to build complete applications using technology like AWS, Cloudflare, and more.
Ready to get started?
Launch a new app, modernize an existing app, and scale seamlessly across regions.