ABAC is an access control paradigm wherein access rights are granted to users through the use of policies that combine attributes. These attributes can include user-related attributes (e.g., job role, department), resource-related attributes (e.g., sensitivity level), and environmental attributes (e.g., time of access, location). This contrasts with other access control methods like Role-Based Access Control (RBAC), which relies solely on predefined roles.