🚀 White Paper: How Fauna’s Document-Relational model addresses the limitations of traditional document databases
Download Free
Fauna logo
Product
Solutions
Pricing
Resources
Company
Log InContact usStart for free
Fauna logo
Pricing
Customers
Log InContact usStart for free
© 0 Fauna, Inc. All Rights Reserved.

Dynamic Attribute-Based Access Control:

Precision Meets Security

Eliminate additional infrastructure and secure data at its source with next-generation access controls
REQUEST A DEMOVIEW DOCUMENTATION

Introduction to Fauna Security

Explore Fauna's robust security features in 5 minutes: From encryption and access controls to comprehensive data compliance, Fauna ensures your data remains secure at every level.

WATCH VIDEO

Increase Flexibility and Scalability

Unlike static RBAC systems, Fauna's dynamic ABAC incorporates three levels of evaluation -- data, identity, and query -- allowing for custom logic that adapts to real-time criteria. This model assesses data attributes, user statuses, and complex query dependencies, providing a responsive security solution that evolves with business needs.


By integrating identity and query-level evaluations, Fauna's ABAC ensures continuous adaptation to changing conditions and complex business processes, enhancing security without compromising flexibility or scalability.

“Fauna is the reason we are still in business. There is not enough good stuff I can say about the folks over there.” Read case study

Alice

From Wonderland

Reduce Risk

Implement finely-tuned access controls that limit the impact of breaches. In instances where user credentials might be compromised, Fauna’s ABAC limits the blast radius and enforces the principle of least privilege, preventing malicious actors from moving laterally through the system. By enabling granular permissions based on the user’s real-time status and specific data attributes, Fauna ensures that any unauthorized access remains confined.

Decrease Infrastructure Costs

Fauna's ABAC reduces infrastructure spend by eliminating the additional security layers needed in RBAC systems, streamlining access control into a single, dynamic system that adapts to real-time changes.

Decrease Administrative Overhead

By allocating access decisions based on a rich set of attributes, Fauna's ABAC significantly reduces role explosion and the need for manual intervention in permission management. This not only speeds up administrative processes but also minimizes human errors. 


Meanwhile, Fauna’s ABAC helps organizations meet complex compliance requirements more efficiently. By leveraging attributes such as location, department, time of access, and more, companies can ensure that their data access policies comply with regulations like GDPR and  HIPAA.


Capabilities

Ready to ship apps faster? Start today.

Real-Time, Dynamic Policy Definition

Fauna’s ABAC goes beyond traditional static policies by enabling real-time, data-driven application of business logic to control access across three layers.

READ THE DOCS

Data ABAC: Controls access at the document level, based on predefined permissions within the documents.

Identity ABAC: Manages access based on the user's identity.

Query ABAC: Confirms user access rights by correlating the identity with relevant data tables.

READ THE DOCS

Dynamic Projection

Control not only who can access data but also customize the specific data that is returned, including its format. This means that responses can dynamically include operations like data masking or selective field retrieval, ensuring that users receive only the information they are authorized to see, tailored to the context of each query.

READ THE DOCS

Secure Data at its Source

Enforce access controls directly at the data source, ensuring that permissions are precisely defined and dynamically adjusted based on real-time conditions. This not only prevents unauthorized data access from the outset but also significantly reduces the potential for data breaches and leakage and reduces the need for additional middleware or bolt-on authorization infrastructure.

READ THE DOCS

Function-Based Data API

Create a secure Data API by granting execution permissions exclusively to specific functions, and applying membership to tokens linked solely to roles with API privileges – all without any engineering operations. This approach ensures that users cannot access collections or documents directly, but must interact with the data strictly through controlled functions - dictating allowable activities based on who is accessing, when, where, and under what specific conditions. 

READ THE DOCS

Use Cases

Limit Blast Radius

By granularly defining who can access what data and under what conditions, businesses can significantly reduce the impact of any security breach, confining potential damage to the smallest possible area. This is crucial for businesses that prioritize safeguarding sensitive data and maintaining operational integrity, particularly in sectors like finance and healthcare.

Data Compliance & Residency

Dynamically enforce access based on user attributes and specific compliance requirements like attributes such as job role, department, or even specific user statuses like certifications or training levels. Leveraging features such as locality-based access controls and Region Groups, organizations can ensure that data is accessed and managed in compliance with local laws and regulations, such as GDPR or CCPA.

Principle of Least Privilege

The PoLP ensures that individuals and systems are granted the minimum levels of access necessary for their roles. In sectors where sensitive data must be protected against unauthorized access and breaches, Fauna's ABAC enables organizations to implement this principle effectively. By dynamically assigning and adjusting access based on real-time evaluation of user roles, tasks, and conditions, Fauna helps prevent data exposure and limits security risks.

Dynamic & Real Time Workloads  

By enabling real-time access control adjustments based on user activity, data flow, and changing business conditions, Fauna ensures that data handling remains efficient and secure, even under fluctuating workloads. For dynamic and real-time workloads, Fauna's ABAC system provides a robust solution that adapts to the rapid pace and varying demands of industries like e-commerce and real-time analytics.

Architectural Overview

A distributed document-relational database delivered as a cloud API

DOWNLOAD NOW

“We needed a database that could support a distributed, multi-tenant architecture with robust ABAC and user controls. We looked at Dynamo and Mongo, but only Fauna delivered it all without extensive engineering.”

Arjun Bhatnagar

CEO @ Cloaked

Get started building with Fauna

Explore resources that can help get you up and running in minutes.

Sign up

Ready to build robust apps that scale without limits? Start today.

Start free trial

Quick start

Get up and running quickly with an interactive introduction to Fauna

GET STARTED

Multi-tenant SaaS Sample App

Learn how to build a multi-tenant, multi-region SaaS app without ops using Fauna and AWS

BUILD THE SAMPLE APP

New to Fauna Query Language?

This guide can help you get started with FQL in under 10 minutes.

READ MORE

Workshops

Learn how to build complete applications using technology like AWS, Cloudflare, and more.

EXPLORE THE WORKSHOPS

FAQs

Have other questions? Feel free to contact us, or browse our documentation.

CONTACT USVIEW DOCUMENTATION

How does Fauna’s ABAC enhance security compared to traditional access control methods like role-based access control (RBAC)?

Can ABAC policies be applied globally across all data types in Fauna?

How does Fauna handle changes in user attributes or roles?

Is there a limit to the number of attributes that can be used in an ABAC policy?

What support does Fauna offer for setting up ABAC in complex environments?

Ready to get started?

Launch a new app, modernize an existing app, and scale seamlessly across regions.

REQUEST DEMOSTART FOR FREE
START FREE TRIALGET A DEMO

Ready to get started? Launch a new app, modernize an existing app, and scale seamlessly across regions with Fauna.

Ready to get started? Launch a new app, modernize an existing app, and scale seamlessly across regions with Fauna.

LEARN MORE

Blog