Authorization

March 30, 2024 | seedling, permanent

tags
Security

Summary

  • Authorization is the act of granting access to tools and resources.
  • While Authentication confirms the user’s identity, authorization defines the boundary and jurisdiction within which the user can operate.
  • The authorization framework distinguishes User A’s access from User B’s. This framework controls role-based access (Role Based Access Control) in the IAM system and is commonly referred to as AuthZ.

ref

Application’s responsibility

The responsibility of authorization typically lies with the application itself. The application is responsible for enforcing access control policies and determining whether a user has the necessary permissions to perform certain actions or access certain resources. Here is a PlantUML sequence diagram to illustrate the authorization process:

In this sequence diagram, when a user requests access or performs an action, the application sends an authorization request to the AuthZ component. The AuthZ component validates the user’s credentials and verifies their permissions based on the requested resource or action. The application then grants or denies access to the user accordingly.
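
The flow described above, as an added example that is not part of the original page: the application asks an AuthZ component for a decision before every action and denies by default. The role names, the `report` resource and the class names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed role-to-permission mapping (assumption, not from the original page).
ROLE_PERMISSIONS = {
    "viewer": {("report", "read")},
    "editor": {("report", "read"), ("report", "write")},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

class AuthZ:
    """Decision point: answers allow/deny for (user, resource, action)."""
    def __init__(self, role_permissions):
        self._role_permissions = role_permissions

    def is_allowed(self, user, resource, action):
        # Deny by default: unknown roles and unlisted actions grant nothing.
        return any(
            (resource, action) in self._role_permissions.get(role, set())
            for role in user.roles
        )

class Application:
    """Enforcement point: no handler code runs before AuthZ says allow."""
    def __init__(self, authz):
        self._authz = authz
        self._reports = {"q1": "draft"}  # constructed sample data

    def handle(self, user, resource, action, report_id, body=None):
        if not self._authz.is_allowed(user, resource, action):
            return (403, "denied")
        if action == "read":
            return (200, self._reports.get(report_id))
        self._reports[report_id] = body
        return (200, "updated")

if __name__ == "__main__":
    app = Application(AuthZ(ROLE_PERMISSIONS))
    user_a = User("A", frozenset({"editor"}))
    user_b = User("B", frozenset({"viewer"}))
    # Same request, different outcome: the roles decide, not the identity check.
    print(app.handle(user_a, "report", "write", "q1", "final"))
    print(app.handle(user_b, "report", "write", "q1", "tampered"))
    print(app.handle(user_b, "report", "read", "q1"))
```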

