Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). Assuming that someone has logged in to a computer operating system or application, the system or application may want to identify what resources the user can be given during this session. Thus, authorization is sometimes seen as both the preliminary setting up of permissions by a system administrator and the actual checking of the permission values that have been set up when a user is getting access.

Logically, authorization is preceded by authentication.

This was last updated in January 2006

Dig Deeper on DevSecOps and automated security

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Infact I was using VPN that's why i only mentioned VPN. Overall best and the simplest way to define "Authorization"
The function of the policy definition phase which precedes the policy enforcement phase where access requests are approved or disapproved based on the previously defined authorizations