1. Overview

When we talk about gaining access to a secured system, we come across the keywords Authentication and Authorization.

The two terms are often used together when discussing application or system security, but they mean different things.

Are you confused about when to use what?

In this article, let's try to understand Authentication and Authorization, so that we know when to use which.

2. Content

First, let's figure out what each of these means.

2.1. What is Authentication?

Authentication is the process of verifying a user's identity before providing access to an application or a system.

It checks the user's identity, which can be presented in forms such as:

  • Login credentials
  • Security questions
  • Biometric and facial recognition

So, for authentication to succeed, the user must present an identity that the system can validate to determine whether the user is valid or not.

Overall, this defines user access to a secured system.

Example: An employee uses an access card at an office entrance, where the employee has to authenticate before entering the office premises.

2.2. What is Authorization?

Authorization is the process of verifying what an authenticated user can access on a system or an application.

There can be several resources in a system, but not all of them are available to all authenticated users.

Systems are usually designed for users with different roles, with each role having a specific set of permissions.

Everything that an authenticated user can access is determined by policies or rules. So, not all users who authenticate successfully have access to all resources on the system.

Overall, this defines user access to a secured resource on a secured system.

Example: Not all employees have access to certain restricted areas, like server rooms, in an office.

2.3. When to use what?

Authentication deals with user access to a secured system.

Authorization deals with resource access by an authenticated user depending on the rules applicable.

With both implemented, all the resources on a secured system are protected by two layers of security: Authentication and Authorization.
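
The two layers described above, as an added example that is not part of the original article: a Python sketch in which authenticate() verifies a password and authorize() checks what the user's role permits. The user names, passwords, roles and permission names are constructed for illustration, modelled on the office and server room examples.

```python
import hashlib
import hmac
import os

# Constructed policy: which role may do what (assumption for illustration).
ROLE_PERMISSIONS = {
    "employee": {"enter_office"},
    "sysadmin": {"enter_office", "enter_server_room"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not kept in plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed user store (sample accounts, not real credentials).
USERS = {
    "alice": make_user("alice-pass", "employee"),
    "bob": make_user("bob-pass", "sysadmin"),
}

def authenticate(username: str, password: str):
    """Layer 1: who are you? Returns the username, or None on failure."""
    user = USERS.get(username)
    # Unknown users still go through a hash so both paths do similar work.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["hash"] if user else b"\x00" * 32
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    return username if (user is not None and matches) else None

def authorize(username: str, permission: str) -> bool:
    """Layer 2: what may this authenticated user do? Unknown roles get nothing."""
    role = USERS[username]["role"]
    return permission in ROLE_PERMISSIONS.get(role, set())

def access(username: str, password: str, permission: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "denied: authentication failed"  # HTTP APIs typically use 401
    if not authorize(identity, permission):
        return "denied: not authorized"         # HTTP APIs typically use 403
    return "granted"

if __name__ == "__main__":
    print(access("alice", "alice-pass", "enter_server_room"))
```

Note that authorize() is only ever called with an identity that authenticate() has already confirmed, which is the ordering the article describes.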

3. Conclusion

We hope this article is useful. If you like the content, feel free to share it.

Happy Learning!!