Relationship-based access control

In computer systems security, relationship-based access control (ReBAC) is an authorization paradigm in which a subject's permission to access a resource is determined by the presence of relationships between that subject and the resource.

The nodes and edges of this graph are very similar to triples in the Resource Description Framework (RDF) data format.

The downside of ReBAC is that, while it allows more fine-grained access control, the application may need to perform more authorization checks.

[2] The paper defines a system composed of a namespace configuration and relationship data expressed as triples.
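The following added example (not taken from the paper or from any ReBAC product) sketches how a permission check can be answered from relationship triples plus a namespace configuration. The tuple layout, the `NAMESPACES` structure, the `check` function and all sample data are assumptions made for illustration.

```python
# Constructed sample data: relationship triples (object, relation, subject).
# A subject is either a user id or a userset written "object#relation".
TUPLES = {
    ("group:eng", "member", "user:alice"),
    ("folder:specs", "editor", "group:eng#member"),
    ("doc:design", "parent", "folder:specs"),
    ("doc:design", "viewer", "user:bob"),
    ("folder:specs", "parent", "folder:specs"),  # cycle: must not loop forever
}

# Hypothetical namespace configuration. For each object type and relation:
# "computed" lists relations on the same object that imply it, and "inherit"
# lists (link_relation, relation_on_linked_object) pairs to follow.
_DOC_LIKE = {"viewer": {"computed": ["editor"], "inherit": [("parent", "viewer")]},
             "editor": {"computed": [], "inherit": [("parent", "editor")]}}
NAMESPACES = {"doc": _DOC_LIKE, "folder": _DOC_LIKE,
              "group": {"member": {"computed": [], "inherit": []}}}

def check(obj, relation, user, tuples=TUPLES, seen=None):
    """Return True if `user` reaches `relation` on `obj` through the graph."""
    seen = set() if seen is None else seen
    if (obj, relation) in seen:          # node already explored: break cycles
        return False
    seen.add((obj, relation))
    rule = NAMESPACES.get(obj.split(":")[0], {}).get(relation)
    if rule is None:                     # unknown type or relation: deny
        return False
    for o, r, subject in tuples:
        if (o, r) != (obj, relation):
            continue
        if subject == user:              # direct edge to the user
            return True
        if "#" in subject:               # userset edge, e.g. group:eng#member
            s_obj, s_rel = subject.split("#", 1)
            if check(s_obj, s_rel, user, tuples, seen):
                return True
    for implied_by in rule["computed"]:  # e.g. editor implies viewer
        if check(obj, implied_by, user, tuples, seen):
            return True
    for link, linked_rel in rule["inherit"]:  # e.g. inherit from parent folder
        for o, r, linked in tuples:
            if (o, r) == (obj, link) and check(linked, linked_rel, user, tuples, seen):
                return True
    return False
```

Here `user:alice` can view `doc:design` only through a chain of edges (group membership, folder editor, parent folder), which is also why a single request can fan out into several lookups.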

Since the release of that paper, several companies have built commercial and open-source offerings of ReBAC systems.