Access ControlHigh

Authorization

The process of determining what an authenticated user is allowed to do

Content

What is Authorization?

Authorization defines what a user is permitted to do after their identity is authenticated. It governs access to systems, data, and features based on user roles, policies, or attributes.

Common Models

Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Discretionary/ Mandatory Access Control

Best Practices

Use least privilege principle
Separate authentication and authorization logic
Audit and log access attempts
Review permissions periodically

Quick Facts

Severity Level

8/10

Primary Role

Grant or restrict access to resources

Depends On

Successful authentication

Common Systems

RBAC, ABAC

Example

A user logs in but can only view reports, not edit them

Related Terms

Authentication

Verifying the identity of a user before granting access

Least Privilege

Granting only necessary permissions to users

RBAC

Assigning permissions based on user roles

Learn More

Difference Between Authentication and Authorization How Role-Based Access Control Works