A security strategy that manages access to systems and resources by defining policies based on user roles or attributes, organizational rules or standards, or environmental conditions