In a nutshell
Authorization in the context of software development means checking whether a given user has the authority to perform a specific action.
Examples of authorization checks include:
- Can this user create a new post?
- Can this user change the status of this post from draft to published?
- Can this user view the posts of other users?
- Can this user create another user?
Most web application frameworks provide a built-in way to perform authorization, or you can typically find popular open-source libraries. Examples include:
Authorization vs authentication
Authentication is checking whether a given user is who they say they are.
Authorization is checking whether a given user has permission to perform a specific action.
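
The sketch below is an added example, not code from this page or from any particular framework. It keeps the two steps separate: `authenticate` answers who the caller is, and `authorize` answers the four example questions listed above, denying by default. The role names, session tokens and policy rules are assumptions made up for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    role: str  # assumed roles for this sketch: "author" or "admin"

@dataclass(frozen=True)
class Post:
    owner_id: int
    status: str  # "draft" or "published"

# Constructed sample data: digest of a session token -> user.
_SESSIONS = {
    hashlib.sha256(b"token-alice").hexdigest(): User(1, "author"),
    hashlib.sha256(b"token-root").hexdigest(): User(2, "admin"),
}

def authenticate(token: str):
    """Authentication: who is this? Returns a User, or None if unknown."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    for known, user in _SESSIONS.items():
        if hmac.compare_digest(known, digest):  # constant-time comparison
            return user
    return None

def authorize(user, action: str, post=None) -> bool:
    """Authorization: may this user perform this action? Deny by default."""
    if user is None:
        return False  # unauthenticated callers are never authorized
    if user.role == "admin":
        return action in {"create_post", "publish_post", "view_post", "create_user"}
    if user.role == "author":
        if action == "create_post":
            return True
        if action == "publish_post":  # only the owner, only draft -> published
            return post is not None and post.owner_id == user.id and post.status == "draft"
        if action == "view_post":  # own posts always; others' only once published
            return post is not None and (post.owner_id == user.id or post.status == "published")
    return False  # unknown role or action, including create_user for authors
```

A request handler would call `authenticate` once per request and then `authorize` before every protected action, so a valid login alone never implies permission.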