Security
What is Authorization?
The process of determining what actions an authenticated user is allowed to perform.
Definition
Authorization (AuthZ) determines what resources and actions a user has access to after authentication. Common models include: Role-Based Access Control (RBAC) — permissions by role; Attribute-Based Access Control (ABAC) — permissions by attributes; Policy-Based — declarative rules. OAuth 2.0 scopes are a form of authorization for API access. Authorization answers 'What are you allowed to do?'
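The models above can be applied to a single request to see how each one narrows access. The following is an added example, not part of the original page; every role, permission, scope and attribute name in it is a constructed assumption, including the choice to name scopes after the actions they cover.

```python
from dataclasses import dataclass

# Constructed sample data: role -> permissions (hypothetical names).
ROLE_PERMISSIONS = {
    "viewer": {"invoice:read"},
    "accountant": {"invoice:read", "invoice:approve"},
}

@dataclass(frozen=True)
class Request:
    roles: frozenset           # RBAC input: roles of the authenticated user
    department: str            # ABAC input: subject attribute
    token_scopes: frozenset    # OAuth 2.0 scopes granted to the access token
    action: str                # e.g. "invoice:approve"
    resource_department: str   # ABAC input: resource attribute
    amount: int                # ABAC input: resource attribute

def scope_allows(req):
    """OAuth scope check: the token must carry a scope covering the action."""
    return req.action in req.token_scopes

def rbac_allows(req):
    """RBAC: at least one assigned role grants the permission.
    Unknown roles map to an empty set, so they grant nothing."""
    return any(req.action in ROLE_PERMISSIONS.get(r, set()) for r in req.roles)

# ABAC rules written as a declarative list of (name, predicate) pairs.
ABAC_RULES = [
    ("same department", lambda r: r.department == r.resource_department),
    ("approval limit", lambda r: r.action != "invoice:approve" or r.amount <= 10_000),
]

def abac_allows(req):
    """ABAC: every attribute rule must hold for this subject/resource pair."""
    return all(rule(req) for _, rule in ABAC_RULES)

def authorize(req):
    """Deny by default: the request passes only if every layer allows it."""
    checks = (("scope", scope_allows), ("rbac", rbac_allows), ("abac", abac_allows))
    for name, check in checks:
        if not check(req):
            return False, f"denied by {name}"
    return True, "allowed"
```

Returning the name of the layer that refused the request makes denials auditable without revealing the rule details to the caller.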