Authorization (also known as ‘AuthZ’) is verifying that the user who is trying to perform an action within your application is allowed to do so, that is, that they have been granted permission to use that functionality. For instance, is the user an admin user? If so, allow them to view the admin page. If not, block access.
There are several different models used within our industry for authorization, with RBAC (role-based access control) being the most popular. RBAC means assigning people different roles in your system(s), just like people play different roles within your organization, and giving them access based on the role they are assigned.
For instance, meet Emily, a hypothetical software developer who is new to my project team (pictured below).
[Image: #WOCinTechChat: Emily the Software Developer]
As a software developer she is going to need access to all sorts of things: source control, perhaps permission to publish to the CI/CD pipeline, and various file systems.
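A minimal RBAC check that models the admin-page decision above and Emily's developer role, added here as an illustration (not code from the original post; the role names, permission strings and `is_authorized` helper are assumptions for the example):

```python
from dataclasses import dataclass, field

# Constructed mapping from role to the permissions it grants.
# Permissions are "resource:action" strings; nothing outside this
# table is ever granted.
ROLE_PERMISSIONS = {
    "developer": {
        "source-control:read",
        "source-control:write",
        "pipeline:publish",
        "fileshare:read",
    },
    "admin": {"admin-page:view", "user:manage"},
    "viewer": {"source-control:read"},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def permissions_for(user: User) -> set:
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user.roles:
        # An unknown role grants nothing: a typo in a role name must
        # never widen access, so we fall back to the empty set.
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_authorized(user: User, permission: str) -> bool:
    """Deny by default: only an explicit grant via a role allows the action."""
    return permission in permissions_for(user)


# Emily, the hypothetical new developer from the post.
emily = User("Emily", {"developer"})

if __name__ == "__main__":
    for perm in ("source-control:write", "pipeline:publish", "admin-page:view"):
        verdict = "allow" if is_authorized(emily, perm) else "deny"
        print(f"{emily.name} -> {perm}: {verdict}")
```

Because the check starts from an empty permission set, a user with no roles, or with a role nobody defined, is denied everything rather than accidentally treated as an admin.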
In case you've not seen it, From ABAC to ZBAC by Karp et al. is quite accessible and contrasts quite a few.