What Is Authorisation? Definition & Comparison with Access Control
Most people know what the word "authorise" means in everyday life. We use this term to describe access based on some kind of role, status, or merit. For example, we're authorised to eat in the campus dining room due to our status as a college student.
In computing terms, "to authorise" means to identify the digital resources someone can access after they log in to a system.
If you're confused by these terms, don't worry. Let's dig a little deeper.
A Formal Authorisation Definition
Authorisation is the process of matching users to the right digital assets. The work starts with policy.
A person with authority, such as a department head or IT manager, determines what access a person should have. They could define access rules by:
- Departments. Every person that works within a specific group has access to the same files.
- Titles. Access varies depending on the role a user plays within the company.
- Individuality. What a person can see depends on the work a person does, seniority within the company, or something else altogether.
Crafting rules like this takes time and expertise, and it's often work people with seniority tackle. People with system administrator jobs can enforce the policies. This job typically involves solving user problems, so adding to or removing file access may become part of everyday work.
How Does Authorisation Work?
People gain access by following a series of predictable steps.
Authorisation involves:
- Authentication. Organisations can manage authentication in a variety of ways. They can require a name/password combination to allow the system to verify a person's identity. Almost half of all companies add to this process with two-factor authentication steps, such as tapping in a one-time code sent to a cell phone. A simple step like this cuts down on fraud.
- Database checks. With authentication complete, the system knows who you are and what administrators believe you should use in your work.
- Access control. The system unlocks access to these assets, and the user can begin work.
Most people have used authorisation processes before, even if they didn't know it. Major systems use authorisation, including:
- Windows. Windows requires you to set up at least one authorised user, and a password protects your access.
- iTunes. You must authorise your computer to purchase items within the store.
- Your employer. Again, almost every corporate computer system out there requires users to log in and move through authorisation before accessing files.
Computers are fast by design, and it often takes just seconds to complete this complex process. You may never know it's happening.
Authorisation vs. Access Control
If authorisation involves defining a policy, access control puts the policies to work. These two terms aren't interchangeable. But they do work hand in hand.
Once you've completed the authorisation process, the system knows who you are and what you should see. The access control system unlocks the assets, so you can do the work you need to do.
Knowledge Is Power
The more you know about how security systems work, the better you can protect your company and your coworkers from hackers and malignant actors.
At Okta, we work hard to define terms simply, so everyone can learn. And we build robust tools everyone needs to manage authorisation, authentication, and access control. Learn more.
References
Network and Computer Systems Administrators. (September 2020). Bureau of Labor Statistics.
Why Nearly 50 Percent of Organizations Are Failing at Password Security. (October 2018). TechRepublic.
The Windows 10 Security Guide: How to Protect Your Business. (July 2020). ZD Net.
Authorize or Deauthorize Your Computer for iTunes Store Purchases. (January 2020). Apple.