As enterprises move their applications to the cloud, they’re adopting finer-grained authorization for their users in order to better secure architectures and applications. Today, many, if not most, organizations use a role-based access control (RBAC) model for secure access. But as the push for fine-grained control grows, many organizations are asking: should we transition to attribute-based access control (ABAC)?

Adopting a fine-grained policy-as-code authorization approach based on Open Policy Agent (OPA)– the leading open-source policy engine– is a huge step forward in building microservices applications that run reliably and securely.

As you probably know by now, PodSecurityPolicy has been deprecated from Kubernetes for over a year, since the release of Kubernetes 1.21. In short PSP was an admission controller that let cluster managers control security by managing pod-specific policy. Like most other admission controllers, PSP could specify requirements one must meet to enter a pod, and deny any requests which don’t meet that requirement. In rare cases, PSP could also modify pod fields, changing requirements for access.

Authentication and authorization are two complementary and critical parts of securing cloud-native applications and infrastructure. Yet, there can be some confusion between these terms. The importance of cybersecurity approaches, such as Zero Trust and the principle of least privilege, make it critical to understand and implement appropriate authorization and authentication processes across cloud-native development.

Access control is a key component of security programs, since it regulates who or what can access data and resources within an organization’s systems. Granting access only to authorized users prevents data breaches and malicious attacks and is a good way to practice the security principle of least privilege. This article focuses on RBAC, a type of access control, and its benefits and implementation.