sajad torkamani

In a nutshell

Authorization in the context of software development means checking whether a given user has the authority to perform a specific action.

Examples of authorization checks include:

  • Can this user create a new post?
  • Can this user change the status of this post from draft to published?
  • Can this user view the posts of other users?
  • Can this user create another user?

How to implement authorization

Most web application frameworks provide a built-in way to perform authorization, or you can typically find a popular open-source library for it. Examples include:

Authorization vs authentication

Authentication is checking whether a given user is who they say they are.

Authorization is checking whether a given user has permission to perform a specific action.
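
The example checks listed earlier and the authentication/authorization split, as an added example (not code from the original post or from any framework). The roles, action names and the `can`/`authorize` helpers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    id: int
    role: str  # constructed roles: "author", "editor", "admin"

@dataclass(frozen=True)
class Post:
    id: int
    author_id: int
    status: str = "draft"

class NotAuthenticated(Exception):
    """No verified identity: an authentication failure (HTTP 401)."""

class Forbidden(Exception):
    """Identity is known but lacks permission: an authorization failure (HTTP 403)."""

# One explicit rule per action. Anything not listed here is denied.
RULES = {
    "post.create": lambda u, p: u.role in {"author", "editor", "admin"},
    "post.publish": lambda u, p: p is not None and u.role in {"editor", "admin"},
    # Authors may view their own posts; editors and admins may view anyone's.
    "post.view": lambda u, p: p is not None
    and (u.role in {"editor", "admin"} or p.author_id == u.id),
    "user.create": lambda u, p: u.role == "admin",
}

def can(user: User, action: str, post: Optional[Post] = None) -> bool:
    """Return True only if an explicit rule allows the action (deny by default)."""
    rule = RULES.get(action)
    return bool(rule and rule(user, post))

def authorize(user: Optional[User], action: str, post: Optional[Post] = None) -> None:
    if user is None:  # authentication question: do we know who this is?
        raise NotAuthenticated("no verified identity")
    if not can(user, action, post):  # authorization question: may they do it?
        raise Forbidden(f"user {user.id} may not perform {action}")

def publish(user: Optional[User], post: Post) -> Post:
    """Change a post from draft to published, enforcing the check server-side."""
    authorize(user, "post.publish", post)
    return Post(post.id, post.author_id, "published")
```

Unknown actions such as a hypothetical `post.delete` are denied even for an admin, because no rule names them.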
