Authorization is the process of determining what an authenticated user is allowed to do within a system or application. It defines access rights and permissions after a user’s identity has already been verified through authentication.
In software and web development, authorization ensures that users can only access resources, features, or data that they have permission for. It is commonly used in role-based systems where different users have different levels of access.
For example:
- An admin user can create, edit, and delete content, while a normal user can only view it.
- A banking app allows users to view their own accounts but prevents access to other users’ accounts.
- An employee portal restricts payroll access only to HR staff.
- A cloud storage system lets users manage only the files they own or are shared with them.
Common technologies and concepts related to authorization include:
- Role-Based Access Control (RBAC)
- Permissions and Privileges
- Access Control Lists (ACL)
- OAuth Scopes
- JSON Web Tokens (JWT) Claims
- Policy-Based Authorization
- User Roles (Admin, Editor, Viewer)
- Security Rules (Backend / API level)