EXTree: Towards Supporting Explainability in Attribute-based Access Control

📅 2026-04-14

🤖 AI Summary
This work addresses the limited explainability of attribute-based access control (ABAC) systems when denying access requests, which often leaves users without meaningful feedback. To bridge this gap, the authors propose EXTree, a novel approach that jointly optimizes interpretability and evaluation efficiency by designing an actionable explanation mechanism tailored for denial scenarios. EXTree encodes ABAC policies into a tree structure and employs a construction strategy based on entropy, variability, and randomized policy sampling to simultaneously support efficient authorization decisions and generate human-readable explanations. Experimental results demonstrate that EXTree substantially enhances policy interpretability for end users, effectively narrowing the gap between complex access logic and human comprehension.

📝 Abstract
With increasing emphasis on transparency in digital governance, users expect more than silence when their access requests are denied by a system. However, authorization methods are notorious for their inability to provide any form of meaningful feedback under such situations. This paper shows a direction towards how the problem of explainability can be mitigated in the context of Attribute-based Access Control (ABAC), arguably the most researched topic in access control in recent years. We introduce EXTree, which represents ABAC policies optimized for both fast evaluation (Efficiency) and human-centric feedback (Explainability) in the form of a tree. Two strategic dimensions are investigated, namely, Feedback Evaluation Strategies - how to craft actionable explanations when access is denied, and Tree Construction Strategies - how the policy trees should be structured for efficient yet interpretable decisions. Through extensive experiments, we compare entropy-based, changeability-based, and randomly generated trees across multiple configurations. Our results demonstrate that EXTree, built for efficiency and interpretability, can bridge the gap between complex authorization logic and human understanding.

Problem

Research questions and friction points this paper is trying to address.

Explainability
Attribute-based Access Control
Access Denial Feedback
Transparency
Authorization

Innovation

Methods, ideas, or system contributions that make the work stand out.

Explainable Access Control
Attribute-based Access Control (ABAC)
Policy Tree
Interpretability
Access Denial Explanation