:''Authorized redirects here see
Authorized (horse) for the
2007 Epsom Derby winner''
In
security engineering and
computer security, 'authorization' is a part of the
operating system that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. Resources include individual files or items
data,
computer programs, computer
devices and functionality provided by
computer applications. Examples of consumers are computer users, computer programs and other devices on the computer.
Overview
The authorization process is used to decide if person, program or device X is allowed to have access to data, functionality or service Y.
Most modern, multi-user operating systems include an authorization process. This makes use of the
authentication process to
identify consumers. When a consumer tries to use a resource, the authorization process checks that the consumer has been granted permission to use that resource. Permissions are generally defined by the computer's
system administrator in some types of "security policy application", such as an
access control list or a
capability, on the basis of the "
principle of least privilege": consumers should only be granted permissions they need to do their jobs. Older and single user operating systems often had weak or non-existent authentication and authorization systems.
"Anonymous consumers" or "guests", are consumers that have not been required to authenticate. They often have very few permissions. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of
authorization tokens include keys and tickets: they grant access without proving identity.
There is the concept of "trusted" consumers. Consumers that have authenticated and are indicated as trusted are allowed unrestricted access to resources. "Partially trusted" and guests are subject to authorization for their use of protected resources. The security policy applications of some operating systems, by default, grant full access to all consumers to all resources. Others do the opposite, insisting that the administrator takes deliberate action to enable a consumer to use each resource.
Even when authorization is performed by using a combination of authentication and access control lists, the problems of maintaining the security policy data is not trivial, and often represents as much administrative burden as proving the necessary user identities. It is often desirable to remove a user's authorization: to do this with security policy application requires that the data be updateable.
Public policy
In
public policy, authorization is a feature of
trusted systems used for
security or
social control.
Banking
In
banking, an
authorization is a hold placed on a customer's account when a purchase is made using a
debit card or
credit card.
See also
★
Security engineering
★
Computer security
★
Authentication
★
Access control
★
Kerberos (protocol)
★
Operating system
★
Authorization OSID
★
Authorization hold
العربية
中国
Français
Deutsch
Ελληνική
हिन्दी
Italiano
日本語
Português
Русский
Español
![Last Minute Travel Deals: Make Sure You\](images/articles/thumbs/klastminutethumb.jpg "Last Minute Travel Deals: Make Sure You\")
![Walking in Waikiki: The Sauce-erer\](images/articles/thumbs/waikikidrinkumbrellathumb.jpg "Walking in Waikiki: The Sauce-erer\")
