Authentication & Authorization

Valtimo has build in Policy-Based Access Control (PBAC), which is defined in a JSON structure. 

It offers an advanced access control model that uses policies to define and enforce access permissions for users or systems. Instead of assigning access rights directly to roles or individuals (as in Role-Based Access Control, or RBAC), PBAC relies on dynamic policies that consider a range of factors to determine whether access should be granted. 

For example, a PBAC policy could specify that “employees in the warehouse department can access order case data during business hours.” This policy evaluates multiple criteria—department and time – before granting access. PBAC is particularly useful in complex environments where access decisions depend on dynamic and context-sensitive conditions.