What is Authorization?
Authorization is the mechanism which grants or denies access to a network resource and allows user access to various resources based on the identity of the user. It determines access levels or privileges of user/client related to services, files, computer programs, data and application features etc.
Web security systems work on a two-step method:
- Authentication which ensures identity of the user
- Authorization which gives permission to the user to access various resources based on the user’s identity.
Modern-day Operating Systems have effective authorization processes to facilitate application deployment and management. Furthermore, access to computer systems depends on access policies and is spread over two phases, namely:
- Policy definition phase where access is authorized.
- Policy enforcement phase where requests to access are allowed or denied.
Authorization is implemented by the Security Server which has controlled access at the level of individual files and programs.