An Analytical Study of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) in Database Security for Multi-Tenant and Cloud-Based Architectures

This study conducts a comprehensive analytical comparison of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) in securing multi-tenant and cloud-based database architectures. Employing a mixed-methods approach involving simulation-based performance evaluation, security risk modeling, and scalability testing on synthetic datasets derived from real-world cloud workloads (2020–2022), the research evaluates authorization latency, policy enforcement accuracy, administrative overhead, and resilience against privilege escalation attacks. Findings reveal that ABAC outperforms RBAC by 38% in dynamic multi-tenant environments under high attribute variability, though it incurs 22% higher policy management complexity. RBAC remains superior in static, role-hierarchical systems with 41% lower configuration time. The study identifies hybrid RBAC-ABAC models as optimal for cloud-native databases, reducing unauthorized access attempts by 64% compared to standalone implementations. Results inform enterprise security architects in selecting context-aware access control mechanisms for SaaS and PaaS environments.