Authorization is the mechanism by which a system, such as a network, website, or cloud service, determines what level of access an authenticated user should have to secured resources controlled by the system.
Authorization in a system takes place in two stages:
Creation of an Access Policy
The purpose of an Access Policy is to describe what steps must be taken to ensure that users connecting to a system are authorized in an appropriate manner, in compliance with company standards, and are given the least amount of access required to perform their job function. This policy specifies what constitutes appropriate use of system accounts and authorized standards.
Access Policy Enforcement
Access Policies are typically enforced by a Network Administrator and/or IT Manager. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities.
Authentication vs Authorization
Authentication verifies who you are, whereas Authorization verifies what you are authorized to do after successful Authentication. For more information about authentication, see Related Concepts: Authentication.
Problem & Solution