Authorization

Authorization, broadly, is the process of granting appropriate access to a verified user. In contrast to authentication, which confirms a user's identity, authorization defines what that user is permitted to do. This might include viewing certain types of data, executing transactions, or accessing specific structures. Authorization is governed by policies and roles that define permissions related to resources. These permissions might follow a user's role within an organization or a specific account identity. The most effective authorization systems follow the principle of least privilege, granting only the minimum access needed for the user to perform their job functions.

Use cases/examples for authorization

Role-based access control: Defining and enforcing access permissions based on user roles within an organization, ensuring employees can only access systems and data that are necessary for their specific job function. 

Transaction limits: Setting authorization rules that restrict transaction types or amounts based on user profiles, requiring additional approval for actions that exceed established thresholds. 

Privilege management: Managing and auditing user permissions to ensure authorization levels remain appropriate across the enterprise and to reduce the potential for privilege abuse.
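The three use cases above can be combined in one deny-by-default check. The sketch below is an added example, not code from this page or any product; the role names, actions, threshold and the `authorize` and `unused_permissions` helpers are constructed for illustration, and it assumes the user has already been authenticated.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NEEDS_APPROVAL = "needs_approval"


# Constructed sample policy: role -> permitted actions. Anything absent is denied.
ROLE_PERMISSIONS = {
    "teller": {"account:view", "payment:create"},
    "auditor": {"account:view", "audit_log:view"},
}

# Constructed threshold: largest amount a role may move without a second approver.
ROLE_LIMITS = {"teller": 5_000}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


def authorize(user, action, amount=0, approved_by=None):
    """Role-based check with a transaction limit; deny unless a role grants the action."""
    granting = [r for r in user.roles if action in ROLE_PERMISSIONS.get(r, set())]
    if not granting:
        return Decision.DENY
    # Highest limit among the roles that grant this action; 0 if none is configured.
    limit = max(ROLE_LIMITS.get(r, 0) for r in granting)
    if amount <= limit:
        return Decision.ALLOW
    # Over the threshold: a different person must approve (self-approval is rejected).
    # Assumption: the caller has separately verified the approver's own authority.
    if approved_by is not None and approved_by != user.name:
        return Decision.ALLOW
    return Decision.NEEDS_APPROVAL


def unused_permissions(user, actions_seen):
    """Privilege review: permissions the user's roles grant that the user never exercised."""
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted - set(actions_seen)
```

Permissions returned by `unused_permissions` are candidates for removal during a periodic access review, which keeps granted access close to least privilege.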
