Authorization is the process of giving someone the ability to access a digital resource. To keep sensitive information protected, you should limit user access to only the resources that they need.
System administrators define which users can access the system and which actions they can perform within it. The actions users are allowed to perform are known as permissions. A permission becomes a privilege, or responsibility, when it is assigned to a user. Privileges can be based on user roles, identity attributes, risk factors, organization rules and policies, or any combination, and can be assigned using a variety of different methods.
The authorization process occurs after authentication. First, users prove that they are who they claim to be. Then, the system determines which applications and files they’re allowed to access and what they’re allowed to do when they access them.
You can compare these processes to boarding a plane.
During the check-in process, you prove that you are who you claim to be by presenting your identification and obtaining a boarding pass.
During the security check process, you present your identification and your boarding pass to obtain access to the concourses. If you do not have a boarding pass, you’re not authorized to enter the concourses.
You present your boarding pass to the airline staff, which allows you to board the plane. Your assigned seat determines which part of the plane and accompanying services you can enjoy. If you don’t have an assigned seat in first class, you’re unfortunately not authorized to enjoy that experience and will have to take your seat in coach.
If you think about it, you are likely familiar with these processes in other situations, too. Whether you are attending a movie or concert or staying in a hotel, you present your identification to prove that you purchased the tickets or hotel stay, and you receive tickets or keys authorizing your entrance.
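The same sequence (authentication first, then a check of the privileges assigned to the user) can be sketched in code. This is an added example, not part of the original page; the role names, permission strings, the department attribute rule and the sample users are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample policy: which permissions each role carries (assumption).
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin": {"report:read", "report:write", "user:manage"},
}

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)

@dataclass
class Session:
    user: Optional[User]  # None means authentication did not succeed

def privileges(user):
    """Permissions become privileges once assigned to a user via roles."""
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    return granted

def authorize(session, permission, resource):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if session.user is None:
        return False, "unauthenticated"  # authorization only follows authentication
    user = session.user
    if permission not in privileges(user):
        return False, "missing privilege"
    # Attribute rule (assumed policy): user and resource departments must match.
    dept = user.attributes.get("department")
    if dept is None or resource.get("department") != dept:
        return False, "attribute mismatch"
    return True, "granted"

# Constructed sample users and resources.
alice = User("alice", {"editor"}, {"department": "finance"})
bob = User("bob", {"viewer"}, {"department": "finance"})
report = {"id": "q3-forecast", "department": "finance"}
hr_file = {"id": "salaries", "department": "hr"}

if __name__ == "__main__":
    for who, perm, res in [(None, "report:read", report), (alice, "report:write", report),
                           (bob, "report:write", report), (alice, "report:read", hr_file)]:
        print(who.name if who else "anonymous", perm, res["id"], authorize(Session(who), perm, res))
```

The role check and the attribute check are combined here, so a user with the right role is still denied a resource outside their department.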
There are an infinite number of ways users are authorized to access digital resources. The most widely used authorization methods include:
There are also a variety of ways to implement these methods. In enterprise organizations, automated user and account provisioning processes are used to create, update, and delete large numbers of users and accounts at once. See User and Account Provisioning to learn how it works.