Technology Fundamentals

Authorization

Definition

Authorization is the process of specifying access rights/privileges to resources. It determines what a user is allowed to do after they have been successfully authenticated.

Why It Matters

Authorization enforces the principle of least privilege, ensuring that users can only access the specific data and functions necessary for their role. This is critical for protecting sensitive information and preventing unauthorized actions.

Contextual Example

After logging into a system (authentication), a regular user might be authorized to read documents, but only an administrator is authorized to delete them.

Common Misunderstandings

  • Authorization happens after authentication. First you prove who you are, then the system checks what you are allowed to do.
  • Authorization can be implemented using roles (Role-Based Access Control - RBAC) or specific attributes (Attribute-Based Access Control - ABAC).
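The check described above, sketched in Python as an added example (not code from the original page): authorization is evaluated only after authentication, denies by default, and here combines an RBAC permission lookup with one ABAC rule. The role map, the department attribute and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed role-to-permission map mirroring the page's example:
# regular users may read documents, only administrators may delete them.
ROLE_PERMISSIONS = {
    "user": {"document:read"},
    "admin": {"document:read", "document:delete"},
}

@dataclass
class Principal:
    name: str
    authenticated: bool                    # result of the earlier authentication step
    roles: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)

@dataclass
class Document:
    title: str
    department: str                        # hypothetical attribute used by the ABAC rule

def rbac_allows(principal, permission):
    """RBAC: the permission must be granted by at least one of the caller's roles."""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in principal.roles)

def abac_allows(principal, document):
    """ABAC (hypothetical rule): caller and document must share a department."""
    dept = principal.attributes.get("department")
    return dept is not None and dept == document.department

def authorize(principal, action, document):
    """Deny by default; allow only when every check passes."""
    if not principal.authenticated:
        return False                       # no identity established, nothing to authorize
    if not rbac_allows(principal, f"document:{action}"):
        return False                       # unknown roles and actions fall through to deny
    return abac_allows(principal, document)

# Constructed sample data.
doc = Document("Q3 report", "finance")
alice = Principal("alice", True, {"user"}, {"department": "finance"})
root = Principal("root", True, {"admin"}, {"department": "finance"})
bob = Principal("bob", True, {"user"}, {"department": "sales"})
anon = Principal("anon", False, {"admin"}, {"department": "finance"})

if __name__ == "__main__":
    for p in (alice, root, bob, anon):
        for action in ("read", "delete"):
            print(p.name, action, authorize(p, action, doc))
```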

Last Updated: December 17, 2025