How does this work? Let’s look at a few examples.
Consider current approaches to which data your employees can access. Traditionally, access controls were assigned depending on the role performed within the company. For example, HR employees have access to payroll, tax and pension data; those in the customer function could access customer databases, etc. This is usually referred to as role-based access controls (RBAC).
A more sophisticated approach is called attribute-based access control (ABAC), which specifies which types of data employees can access based on their role and the context, such as location, task and time. So instead of all HR employees having blanket access to payroll, tax and pension data, certain roles would be able to access the data they needed only when taxes needed to be calculated, or pension contributions needed to be reported or during salary reviews. Access may be granted only during working hours, for example, and only for employees located in the same country.
Think of it as the difference between walking into the kitchen and having free access to the entire room and every appliance in it, versus only the ingredients you need for a specific recipe along with the cooker and fridge for the specific amount of time required to cook dinner. You give people access to what they need, to do the task they’ve been assigned.