Policy Based Access Control (PBAC) is authorization approach that organizes access privileges based on a user’s role (predefined rules or policies) to determine who is granted access to resources and under what conditions. Policies can consist of a variety of attributes, such as: name, organization, job title, security clearance, creation date, file type, location, time of day and sensitivity or threat level. Once these are combined to form policies, rules are established to evaluate who is requesting access, what they are requesting access to and the action determining access.

Learn more here.