Authorization
Definition
Authorization is the process of deciding what a user or system is allowed to do after they have already authenticated. It answers the question: “Now that we know who you are, what can you access?” Authentication confirms identity. Authorization confirms permissions.

Permissions are often based on the user’s role, job function, or group membership. For example, a regular employee may be allowed to view data but not change it. An administrator may be permitted to manage accounts or modify system settings. Sensitive resources and actions are restricted so only the right people can use them.

Authorization controls include:

* File and folder access permissions
* Application and database access rules
* Network segmentation that limits which systems a device can reach
* Role-Based Access Control where access is tied to job responsibilities

Authorization logs help analysts see when a user or system attempts an action they are not permitted to perform. Many failed authorization checks can indicate abuse of credentials or an attacker testing what they can access. Strong authorization reduces the damage an attacker can do, even if they manage to get into an account.
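An added example, not part of the original glossary entry: one way an analyst might surface the "many failed authorization checks" pattern described above. The log format, the account names, and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp user action resource decision
SAMPLE_LOG = """\
2024-05-01T09:00:05 alice read /hr/handbook.pdf ALLOW
2024-05-01T09:01:10 bob write /finance/q1.xlsx DENY
2024-05-01T09:02:00 svc-backup read /finance/payroll.db DENY
2024-05-01T09:02:20 svc-backup read /hr/reviews/ DENY
2024-05-01T09:02:45 svc-backup modify /admin/users DENY
2024-05-01T09:03:10 svc-backup read /legal/contracts/ DENY
2024-05-01T09:03:30 svc-backup read /backups/daily.tar ALLOW
2024-05-01T09:40:00 bob write /finance/q1.xlsx DENY
"""

def parse(log_text):
    """Yield (timestamp, user, action, resource, decision) per well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, user, action, resource, decision = parts
        yield datetime.fromisoformat(ts), user, action, resource, decision

def flag_denial_bursts(log_text, window=timedelta(minutes=5),
                       min_denials=3, min_resources=3):
    """Return {user: (denials, distinct_resources)} for users whose DENY
    events inside one sliding window meet both thresholds."""
    denied = defaultdict(list)
    for ts, user, _action, resource, decision in parse(log_text):
        if decision == "DENY":
            denied[user].append((ts, resource))
    flagged = {}
    for user, events in denied.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            resources = {res for _, res in in_window}
            if len(in_window) >= min_denials and len(resources) >= min_resources:
                # Keep the largest burst seen for this user.
                flagged[user] = max(flagged.get(user, (0, 0)),
                                    (len(in_window), len(resources)))
    return flagged

if __name__ == "__main__":
    for user, (n, r) in flag_denial_bursts(SAMPLE_LOG).items():
        print(f"{user}: {n} denials across {r} distinct resources in one window")
```

Requiring several distinct resources as well as several denials separates an account probing what it can reach from a user who retries the same blocked action, such as bob in the sample.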