Authorization
Definition
Authorization is the process of determining what actions, resources, or systems an authenticated user is allowed to access. It occurs after identity has been verified and enforces permissions based on roles, policies, or access rules.
Why it matters
Authorization ensures users can only access the data and functions they are permitted to use. Proper authorization controls help prevent unauthorized access, reduce insider risk, and enforce security and compliance requirements.
Example use case
After an employee logs into a company dashboard, the system authorizes them to view reporting data but restricts access to administrative settings based on their role.