In a nutshell

Authorisation in the context of software development means checking if a given user has the authority to perform a specific action.

Examples of authorization checks include:

• Can this user create a new post?
• Can this user change the status of this post from draft to published?
• Can this user view the posts of other users?
• Can this user create another user?

How to implement authorization

Most web application frameworks provide a built-in way to perform authorization or you can typically find popular open-source libraries. Examples include:

• Rails: Pundit gem
• Laravel: Policies
• Symfony: Voters

Authorization vs authentication

Authentication is checking whether a given user is who they say they are.

Authorization is checking whether a given user has permission to perform a specific action.