What is Authorization?

Authorization is the process of determining what resources a user or process can access. It is an essential part of security, as it helps to protect sensitive data and systems.

Authorization is often confused with authentication, but the two are distinct. Authentication is the process of verifying who a user is, while authorization is the process of determining what that user is allowed to do.

For example, a user may be authenticated to access a computer system, but they may not be authorized to access all its files. The authorization process would determine which files the user can access and which actions they can perform on those files.

4 Main Types of Authorization

  • Discretionary access control (DAC): DAC allows the resource owner to control who has access to it. This is the simplest type of authorization, and it is commonly used in file systems and operating systems.
  • Mandatory access control (MAC): MAC is a more restrictive type of authorization often used in military and government systems. MAC enforces security policies that the resource owner cannot override.
  • Role-based access control (RBAC): RBAC assigns users to roles, and each role is granted a set of permissions. This allows for more granular control over resource access, as permissions can be assigned to roles rather than to individual users.
  • Attribute-based access control (ABAC): ABAC is the most flexible type of authorization. ABAC allows you to define policies based on any attribute of a user, resource, or environment. This makes it possible to create very complex and specific authorization rules.

Each type of authorization has its advantages and disadvantages. DAC is the simplest to implement, but it can be difficult to manage in large and complex systems. MAC is more secure than DAC, but it can be more challenging to implement and administer. RBAC is a good compromise between DAC and MAC and is widely used in enterprise systems. ABAC is the most flexible type of authorization, but it can be complex to implement and manage.

How Can It Be Used?

  • DAC: A user may have DAC privileges over a file on their local computer, allowing them to read, write, and execute a file.
  • MAC: A government employee may have MAC privileges over a classified document, preventing them from sharing it with unauthorized individuals.
  • RBAC: A network administrator may be assigned the role of “network manager”, which permits them to manage all of the network devices on the network.
  • ABAC: A company may use ABAC to control access to its customer database. For example, a company may allow its sales representatives to access all customer records but only allow its customer support representatives to access records for customers who have contacted customer support.
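The RBAC and ABAC examples above can be combined in one small policy evaluator. The following is an added example, not code from the original article; the users, roles, departments and customer records are constructed for illustration, and the "network manager" and customer-database policies are modelled directly on the scenarios described in the list.

```python
# Added example: a minimal RBAC plus ABAC policy evaluator for the customer
# database scenario above. All names, roles and records are constructed.
from dataclasses import dataclass, field

# RBAC: permissions attach to roles; users are assigned roles, never
# permissions directly.
ROLE_PERMISSIONS = {
    "sales_rep": {"customer:read"},
    "support_rep": {"customer:read"},
    "network_manager": {"device:manage"},
}

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)   # RBAC input
    department: str = ""                      # ABAC subject attribute

@dataclass
class Customer:
    customer_id: int
    contacted_support: bool = False           # ABAC resource attribute

def rbac_allows(user: User, permission: str) -> bool:
    """RBAC: allowed if any of the user's roles carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)

def abac_allows_customer_read(user: User, customer: Customer) -> bool:
    """ABAC: decide from subject and resource attributes together.

    Policy from the text: sales may read any customer record; support may
    read only records of customers who have contacted support.
    """
    if user.department == "sales":
        return True
    if user.department == "support":
        return customer.contacted_support
    return False  # default deny for every other department

def can_read_customer(user: User, customer: Customer) -> bool:
    """Layer the two models: the role grants the coarse permission and the
    attribute policy narrows it to the specific record. Both must pass."""
    return rbac_allows(user, "customer:read") and abac_allows_customer_read(user, customer)
```

Note that the attribute policy alone would also admit a user with `department="sales"` but no role at all, which is why the combined check requires both decisions to succeed.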

Conclusion

The best type of authorization for a particular system will depend on the specific security requirements of that system. Authorization is an essential part of any security system. By adequately implementing authorization, organizations can protect their data and systems from unauthorized access.