Authorization

(OBJ 1.2)

Pertains to the permissions and privileges granted to users or entities after they have been authenticated
- "Determining what an identity is allowed to do within a given system"
Users with access to a system determine the actions they can perform, the data they can view or modify, and the areas they can access (roles)
Authorization mechanisms range from role-based to rule-based to attribute-based controls to determine permissions
Set of rules and policies that are used to dictate what actions users can perform once verified
Authorization serve as the gatekeeper to ensure that the right people have the right access for the right things

Authorization mechanisms are important to help us with the following

To protect sensitive data
- Ensures that sensitive and confidential data is accessible only to those with the proper clearance
To maintain the system integrity in our organizations
- Prevent accidental or deliberate system misconfigurations or data alterations by only providing the ability to change those things to well-trained and experienced system administrators
To create a more streamlined user experience
- Systems can offer a more streamlined and user-friendly experience