
Policy-based access control for AI

Express the rule your auditor reads — "deny if requester is contractor AND resource is confidential AND time is outside business hours" — and let it run on every AI request. Subject, resource, action, AI-client, environment, context.

Three pillars of enterprise AI governance

Six attribute categories

Subject (role, team, clearance, employment status, manager, IdP groups). Resource (label, owner, project, retention, confidentiality). Action (read, write, delete, share_external, send_on_behalf). AI-client (vendor, model, region, MCP server identity). Environment (time, geolocation, network, device posture, request rate). Context (approval state, break-glass tokens, parent request).

Runtime context, beyond RBAC

RBAC binds permissions to roles ("eng-cursor can read Drive"). PBAC adds runtime context: time-of-day, source IP, recent behavior, sensitivity classification, device posture. The same user gets a different decision at 3am on an unmanaged device than at noon on a managed laptop.

Auditor-grade expressions

WHEN subject AND resource AND action AND environment THEN allow / deny / require approval. Policies are versioned, diffable, and testable against historical request traces before rollout. Every evaluation produces a per-request audit record naming the policy version that decided it.
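As an added illustration of the six-category evaluation model described above (example code written for this page, not PortEden's engine or API), the following Python evaluator encodes the auditor-readable rule from the header, a device-posture rule, and an RBAC-style grant, then decides constructed requests and emits a per-request audit record stamped with a placeholder policy version. The rule names, the business-hours definition, the precedence among effects (deny over require_approval over allow) and all attribute values are assumptions made here.

```python
import json
from datetime import datetime

# Constructed example; POLICY_VERSION is a placeholder tag, not a real release.
POLICY_VERSION = "example-policy-1.0.0"

# Decision vocabulary from the page. Precedence among matching rules is an
# assumption made here: deny beats require_approval, which beats allow.
DENY, REQUIRE_APPROVAL, ALLOW = "deny", "require_approval", "allow"
PRECEDENCE = {DENY: 0, REQUIRE_APPROVAL: 1, ALLOW: 2}
CATEGORIES = ("subject", "resource", "action", "ai_client", "environment", "context")

# A rule is an effect plus, per attribute category, the values it requires.
# A category the rule does not mention is not constrained by that rule.
RULES = [
    {   # the auditor-readable rule quoted on the page
        "name": "contractor-confidential-offhours",
        "effect": DENY,
        "subject": {"employment_status": {"contractor"}},
        "resource": {"label": {"confidential"}},
        "environment": {"business_hours": {False}},
    },
    {   # device posture as runtime context: unmanaged devices route to approval
        "name": "unmanaged-device-needs-approval",
        "effect": REQUIRE_APPROVAL,
        "environment": {"device_posture": {"unmanaged"}},
    },
    {   # the RBAC-style grant, now just one rule among many
        "name": "engineering-can-read-drive",
        "effect": ALLOW,
        "subject": {"team": {"engineering"}},
        "resource": {"system": {"drive"}},
        "action": {"name": {"read"}},
        "ai_client": {"vendor": {"cursor"}},
    },
]

def business_hours(ts: datetime) -> bool:
    """Constructed definition of business hours: weekdays, 09:00 to 17:59."""
    return ts.weekday() < 5 and 9 <= ts.hour < 18

def make_request(ts, subject, resource, action, ai_client, environment, context=None):
    """Assemble the six-category attribute snapshot, deriving time attributes from ts."""
    env = dict(environment, timestamp=ts.isoformat(), business_hours=business_hours(ts))
    return {"subject": subject, "resource": resource, "action": action,
            "ai_client": ai_client, "environment": env, "context": context or {}}

def rule_matches(rule, request):
    """Every value the rule requires, in every category, must be present in the request."""
    for category in CATEGORIES:
        for attr, accepted in rule.get(category, {}).items():
            if request[category].get(attr) not in accepted:
                return False
    return True

def evaluate(request, rules=RULES, policy_version=POLICY_VERSION):
    """Decide one request and return its audit record; no matching rule means deny."""
    matched = [r for r in rules if rule_matches(r, request)]
    if matched:
        winner = min(matched, key=lambda r: PRECEDENCE[r["effect"]])
        outcome, decided_by = winner["effect"], winner["name"]
    else:
        outcome, decided_by = DENY, "default-deny"
    return {"policy_version": policy_version, "outcome": outcome, "decided_by": decided_by,
            "rules_evaluated": [r["name"] for r in rules],
            "rules_matched": [r["name"] for r in matched],
            "attribute_snapshot": request}

def demo_outcomes():
    """Constructed requests: the same subject gets different decisions as context changes."""
    bob = {"id": "bob", "team": "engineering", "employment_status": "contractor"}
    alice = {"id": "alice", "team": "engineering", "employment_status": "employee"}
    doc = {"system": "drive", "label": "confidential", "owner": "finance"}
    read = {"name": "read"}
    cursor = {"vendor": "cursor", "model": "example-model", "region": "eu"}
    managed = {"device_posture": "managed", "source_ip": "10.0.0.5"}
    unmanaged = {"device_posture": "unmanaged", "source_ip": "203.0.113.9"}
    tue_3am = datetime(2024, 3, 12, 3, 0)    # Tuesday, outside business hours
    tue_noon = datetime(2024, 3, 12, 12, 0)  # Tuesday, inside business hours
    scenarios = {
        "contractor_confidential_3am": make_request(tue_3am, bob, doc, read, cursor, managed),
        "contractor_confidential_noon": make_request(tue_noon, bob, doc, read, cursor, managed),
        "employee_noon_managed": make_request(tue_noon, alice, doc, read, cursor, managed),
        "employee_3am_unmanaged": make_request(tue_3am, alice, doc, read, cursor, unmanaged),
    }
    return {name: evaluate(req) for name, req in scenarios.items()}

if __name__ == "__main__":
    for name, record in demo_outcomes().items():
        print(name, json.dumps({k: record[k] for k in ("outcome", "decided_by", "policy_version")}))
```

The contractor request is denied at 03:00 and allowed at noon with no change to the rules, and the employee on an unmanaged device is routed to approval even though the RBAC-style grant also matches; each record carries the policy version, the rules evaluated and the full attribute snapshot, which is what lets an auditor replay the decision later.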

Compliance map

How PBAC helps you satisfy the controls your auditors read

Requirement: NIST 800-53 AC-3(4) — Attribute-based access control (ABAC)
What PortEden does: PBAC engine evaluates subject, resource, action, and environment attributes per request. Decisions are recorded with the policy version, attribute snapshot, and outcome.
Evidence: Per-request attribute trace · policy-version-stamped decisions

Requirement: NIST 800-53 AC-16 — Security and privacy attributes
What PortEden does: Attributes (clearance, classification, purpose, sensitivity) propagate from IdP and resource metadata into the policy evaluator at request time.
Evidence: IdP + resource attribute propagation · per-request snapshot

Requirement: SOC 2 CC6.1 / CC6.3 — Logical access & user access management
What PortEden does: Per-request access decisions with full attribute trace. Continuous evidence collection via SIEM stream supports CC6.1 and CC6.3 populations.
Evidence: Tamper-evident SIEM stream · per-request decision evidence

Requirement: HIPAA §164.312(a)(1) — Access control (technical safeguard)
What PortEden does: Minimum-necessary access enforced via patient-panel and clinician-id attributes. PHI never reaches an AI client outside the authorized scope.
Evidence: Per-request decision log · default-deny on missing scope

Requirement: GDPR Art. 25 — Data protection by design and by default
What PortEden does: Privacy attributes (purpose, lawful basis, data subject category) are required policy inputs. Defaults deny processing without an explicit purpose attribute.
Evidence: DPA · default-deny on missing purpose attribute

Requirement: ISO 27001 A.5.15 / A.5.34 — Access control & privacy
What PortEden does: Documented attribute model. Per-request audit supports access reviews and DPIA evidence.
Evidence: Documented attribute model · per-request audit exportable

Built for procurement

DPA available
Subprocessor list
SIG / CAIQ pre-filled
Pen-test report on request

Talk to our enterprise team

30-minute discovery call. Bring your security questionnaire.

Frequently Asked Questions

What is PBAC and how does it differ from RBAC?
RBAC (role-based access control) binds permissions to named roles — "the analyst role can read Drive." PBAC (policy-based access control) decides every request from a richer attribute set — subject, resource, action, AI-client, environment, and context. PBAC handles the cases auditors care about: "deny if requester is contractor AND resource is confidential AND time is outside business hours." RBAC and PBAC layer cleanly: roles are one input attribute among many.
Do you support ABAC (attribute-based access control)?
Yes — PBAC is a superset of ABAC. Attribute-based decisions over subject, resource, action, and environment are the core evaluation. PortEden adds AI-client and context as first-class attributes that traditional ABAC engines don't model, because they didn't have to before agentic AI existed.
Can policies require human approval before allowing access?
Yes. The decision space is allow / deny / require_approval. When require_approval fires, the request is paused, an approval workflow is triggered (Slack, Teams, email, or webhook to your ticketing system), and the request resumes with the approval token included in the audit record. Approvers can be policy-defined ("manager of subject") or routed by attribute.
How are conflicting policies resolved?
Deny rules are non-overridable downward — a deny at the organization level cannot be relaxed by a department or team policy. Allow rules require explicit composition. Conflict resolution is deterministic and recorded in the audit log: every decision names the policy version, the rules evaluated, the attribute snapshot, and the resolution path.
Can I test policies before rolling them out?
Yes. PortEden supports observe-only mode where new policies are evaluated against live traffic but the live decision is unchanged. The dual-evaluation report shows what would change, on which requests, for which subjects. You promote the new policy to enforcing mode once the report is acceptable.
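The two answers above (conflict resolution and observe-only rollout) can be shown together in one added example. This is illustrative Python written for this page, not PortEden's engine: it resolves rules across organization, department and team layers so that a deny higher up cannot be relaxed by a lower layer and an allow must be explicit, records the resolution path for the audit log, and then runs a candidate policy version beside the live one over a constructed request trace to report which requests would change and for which subjects. The layer names, rule names, predicates, version strings and trace contents are all assumptions made here.

```python
from collections import Counter

# Constructed example; version strings are placeholders, not real releases.
LAYERS = ("organization", "department", "team")             # evaluated top-down
EFFECT_RANK = {"deny": 0, "require_approval": 1, "allow": 2}  # assumption: lower rank wins

# Predicates over the attribute snapshot held in the audit log.
def is_contractor_on_confidential(a):
    return a["subject"]["employment_status"] == "contractor" and a["resource"]["label"] == "confidential"

def is_engineering_drive_read(a):
    return a["subject"]["team"] == "engineering" and a["resource"]["system"] == "drive" and a["action"] == "read"

def is_finance_drive_read(a):
    return a["subject"]["team"] == "finance" and a["resource"]["system"] == "drive" and a["action"] == "read"

def is_any_contractor(a):
    return a["subject"]["employment_status"] == "contractor"

def is_ai_client_outside_eu(a):
    return a["ai_client"]["region"] != "eu"

# Each layer lists (rule name, effect, predicate).
POLICY_CURRENT = {
    "version": "example-2.0.0",
    "organization": [("org-deny-contractor-confidential", "deny", is_contractor_on_confidential)],
    "department": [("eng-allow-drive-read", "allow", is_engineering_drive_read)],
    # A team-level allow that tries to relax the organization deny; it must never win.
    "team": [("team-allow-contractors", "allow", is_any_contractor)],
}

# Candidate version under observe-only evaluation: one new organization deny, one new department allow.
POLICY_CANDIDATE = {
    "version": "example-2.1.0",
    "organization": POLICY_CURRENT["organization"]
                    + [("org-deny-ai-client-outside-eu", "deny", is_ai_client_outside_eu)],
    "department": POLICY_CURRENT["department"]
                  + [("finance-allow-drive-read", "allow", is_finance_drive_read)],
    "team": POLICY_CURRENT["team"],
}

def resolve(policy, attrs):
    """Deterministic layered resolution: a deny at any layer cannot be relaxed below it,
    require_approval outranks allow, and with no matching rule the default is deny.
    Returns (outcome, resolution_path); the path names every rule that fired, by layer."""
    path, best = [], None   # best = (rank, "layer:rule"); ties go to the higher layer
    for layer in LAYERS:
        for name, effect, predicate in policy[layer]:
            if predicate(attrs):
                path.append(f"{layer}:{name}:{effect}")
                rank = EFFECT_RANK[effect]
                if best is None or rank < best[0]:
                    best = (rank, f"{layer}:{name}")
    if best is None:
        return "deny", path + ["resolved:default-deny"]
    outcome = {rank: effect for effect, rank in EFFECT_RANK.items()}[best[0]]
    return outcome, path + [f"resolved:{outcome}-by:{best[1]}"]

def dual_evaluate(live_policy, candidate_policy, trace):
    """Observe-only mode: the live decision stands; report what the candidate would change."""
    report = {"live_version": live_policy["version"], "candidate_version": candidate_policy["version"],
              "changes": [], "changes_by_subject": Counter()}
    for req in trace:
        live, _ = resolve(live_policy, req["attrs"])
        shadow, shadow_path = resolve(candidate_policy, req["attrs"])
        if live != shadow:
            subject = req["attrs"]["subject"]["id"]
            report["changes"].append({"request_id": req["id"], "subject": subject, "live": live,
                                      "candidate": shadow, "candidate_path": shadow_path})
            report["changes_by_subject"][subject] += 1
    return report

def build_trace():
    """Constructed historical request trace, as attribute snapshots from the audit log."""
    def attrs(sid, team, status, label, region):
        return {"subject": {"id": sid, "team": team, "employment_status": status},
                "resource": {"system": "drive", "label": label}, "action": "read",
                "ai_client": {"vendor": "example-vendor", "region": region}}
    return [
        {"id": "r1", "attrs": attrs("alice", "engineering", "employee", "internal", "eu")},
        {"id": "r2", "attrs": attrs("bob", "engineering", "contractor", "confidential", "eu")},
        {"id": "r3", "attrs": attrs("alice", "engineering", "employee", "internal", "us")},
        {"id": "r4", "attrs": attrs("carol", "finance", "employee", "internal", "eu")},
    ]

def run_observe_only():
    return dual_evaluate(POLICY_CURRENT, POLICY_CANDIDATE, build_trace())

if __name__ == "__main__":
    for change in run_observe_only()["changes"]:
        print(change["request_id"], change["subject"], change["live"], "->", change["candidate"])
```

Request r2 shows the downward rule: the team-level allow and the department allow both match, yet the organization deny decides, and the resolution path records all three. The dual-evaluation report lists only r3 (allow to deny, because of the new region rule) and r4 (default deny to allow, because of the new finance grant), which is the kind of per-request, per-subject diff you would review before promoting the candidate to enforcing mode.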
How are policy changes audited?
Policies are versioned (semver-style). Every change is signed, attributed to an actor, and emits an admin event to the audit stream. Policy diffs are exportable as signed evidence. Auditors can reconstruct "which policy was in effect on date X" exactly because every authorization decision references its policy version.

Ready to govern AI across your organization?

Book a discovery call. Bring your security questionnaire — DPA, subprocessor list, and pen-test summary available on request.