Dynamic authorization is a context-based decision model that allows you to closely manage a user’s interactions with a given resource in real time, whether for access control, operational restriction, or data filtering. With dynamic authorization, you specify the authorization conditions and behaviors that govern each of your resources, including data stores, APIs, and applications.
How Dynamic Authorization Works
Traditional role-based access control (RBAC) doesn’t allow for much precision in the authorization process. Dynamic authorization uses attribute-based access control (ABAC) to provide a much more nuanced authorization service. Instead of relying solely on static permissions and role assignments to protect your resources, you configure policies that can take all kinds of attributes into account. This external attribute data allows you to make fine-grained authorization decisions in which context carries real weight. The context is evaluated for each resource request, providing the tailored authorization management that coarse-grained authorization lacks.
Dynamic authorization relies on a number of inputs to create this context, including:
All of these inputs flow into your business rules and enable the decision engine to enforce your authorization policies. These policies evaluate the latest data available and make decisions in real time that allow or block users or actions and that filter, redact, or transform data.
Why Use Dynamic Authorization?
Authorization logic that lives inside the application can’t be updated quickly or easily, and it often has to be changed in multiple places. Dynamic authorization management happens outside of the code base, at a central administration point. This allows policy writers, business owners, compliance specialists, and engineers to collaborate on a comprehensive, organizationally defined set of controls around critical resources and data. When changes need to be made rapidly, a policy administrator updates the policy in one place and it is enforced everywhere it applies.
Using dynamic authorization, your organization can express complex business policies and translate them into authorization logic with limited development support. By narrowing the gap between business rules and developer implementation, you can strengthen security and comply with regulations across your organization with more speed and efficiency.
In addition, internal and external users have differing requirements across applications and data. With fine-grained access control, you can make decisions about access at the data attribute level to accommodate these varied needs at scale. Dynamic authorization also improves the user experience, enforcing consent checks in real time, displaying only the allowed objects, and enabling only the permitted actions.
Policy data, gathered at the time of the user request, might come from fraud and risk services, user stores, the request itself, or other sources. Taken together, this policy data provides signals of trust for the request in its specific context. You can configure policies that change the user experience according to the trust level, such as requiring multi-factor authentication (MFA). Dynamic authorization allows you to add or remove friction as needed, reducing your organization’s vulnerability to fraud and cyberattacks.
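The following added example (not code from the original page or from any product) shows the decision model described above in working form: an attribute bundle built from the user store, the request itself and a risk service is evaluated against an ordered policy, and the resulting decision either blocks the request, demands MFA as step-up friction, or allows it with field-level redaction of the returned data. All field names (`risk_score`, `mfa_verified`, `roles`, `region`), the rule names, the sample policy and the sample customer record are constructed for illustration and are not any vendor's schema.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


# Attribute bundle assembled at request time (constructed for this example;
# the field names are assumptions, not any product's schema).
@dataclass
class Request:
    subject: dict      # who is asking: id, roles, region, mfa_verified
    resource: dict     # what is being touched: owner_id, region
    action: str        # read, update, ...
    environment: dict  # contextual signals such as a risk_score from a risk service


@dataclass
class Decision:
    effect: str                                      # "allow", "deny" or "challenge"
    obligations: list = field(default_factory=list)  # steps the enforcement point must perform
    redact: set = field(default_factory=set)         # response fields to strip before release
    rule: str = "default-deny"                       # which rule produced the decision


@dataclass
class Rule:
    name: str
    when: Callable[[Request], bool]  # predicate over the whole request context
    effect: str
    obligations: list = field(default_factory=list)
    redact: set = field(default_factory=set)


def evaluate(policy: list, req: Request) -> Decision:
    """First matching rule wins; a request matching no rule is denied by default."""
    for rule in policy:
        if rule.when(req):
            return Decision(rule.effect, list(rule.obligations), set(rule.redact), rule.name)
    return Decision("deny")


def enforce(decision: Decision, record: dict) -> Optional[dict]:
    """Apply the decision to a fetched record: release a filtered copy, or nothing."""
    if decision.effect != "allow":
        return None
    return {k: v for k, v in record.items() if k not in decision.redact}


def risk(req: Request) -> int:
    return int(req.environment.get("risk_score", 0))


# Constructed policy for a customer-records API. Order matters: the risk rules
# come first so a high-risk session never reaches the data-access rules.
POLICY = [
    Rule("block_high_risk", lambda r: risk(r) >= 80, "deny"),
    Rule("step_up_medium_risk",
         lambda r: risk(r) >= 50 and not r.subject.get("mfa_verified", False),
         "challenge", obligations=["require_mfa"]),
    Rule("owner_full_read",
         lambda r: r.action == "read" and r.subject["id"] == r.resource["owner_id"],
         "allow"),
    Rule("support_read_redacted",
         lambda r: (r.action == "read"
                    and "support" in r.subject.get("roles", ())
                    and r.subject.get("region") == r.resource.get("region")),
         "allow", redact={"ssn", "card_number"}),
]

# Constructed sample record; the sensitive values are obviously fake.
RECORD = {"id": 42, "owner_id": "u1", "region": "EU",
          "name": "Example Customer", "ssn": "000-00-0000", "card_number": "4111-XXXX"}


def decide(subject: dict, action: str, environment: dict, record: dict = RECORD):
    """Evaluate one request against POLICY and return (decision, released data)."""
    resource = {"owner_id": record["owner_id"], "region": record["region"]}
    decision = evaluate(POLICY, Request(subject, resource, action, environment))
    return decision, enforce(decision, record)


if __name__ == "__main__":
    owner = {"id": "u1", "roles": ["customer"], "region": "EU"}
    agent = {"id": "u7", "roles": ["support"], "region": "EU"}
    for label, subj, env in [
        ("owner, low risk", owner, {"risk_score": 10}),
        ("support agent, low risk", agent, {"risk_score": 10}),
        ("support agent, medium risk, no MFA", agent, {"risk_score": 60}),
        ("support agent, medium risk, MFA done", {**agent, "mfa_verified": True}, {"risk_score": 60}),
        ("support agent, high risk", agent, {"risk_score": 95}),
        ("support agent, other region", {**agent, "region": "US"}, {"risk_score": 10}),
    ]:
        d, data = decide(subj, "read", env)
        print(f"{label:38} -> {d.effect:9} rule={d.rule:22} obligations={d.obligations} data={data}")
```

The same support agent gets four different outcomes depending only on context: the record with two fields redacted at low risk, an MFA challenge at medium risk, a full block at high risk, and a default deny when the resource sits outside their region. Changing any threshold or adding a signal is a one-line policy edit rather than a change to the application code.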