What is Authorization?

Understanding Authorization

Authorization is the process of defining the specific resources a user needs and determining the type of access the user may have to those resources. Authorization occurs after authentication and determines what actions an authenticated entity is permitted to perform. It involves evaluating permissions based on identity, role, attributes, or context. Authorization is a core security requirement in frameworks like ISO 27001, NIST 800-53, and regulations like HIPAA and GDPR. Organizations implement authorization through access control lists, capability tables, policy-based systems, and role-based or attribute-based models. For example, a hospital information system might authorize doctors to view patient records but not modify billing information, while giving administrators different privileges.

Related terms: Authentication, Access control, Least privilege, Privilege management, Role-based access control.
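The hospital scenario above, sketched as a deny-by-default check that runs only after authentication and combines a role-based grant with one attribute-based condition. This is an added example, not code from the glossary; the role names, actions, resource kinds and the care-team attribute are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy: role -> permitted (action, resource kind) pairs.
# Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "doctor": {("view", "patient_record")},
    "billing_admin": {("view", "billing"), ("modify", "billing")},
}


@dataclass(frozen=True)
class Subject:
    user_id: str
    roles: frozenset
    authenticated: bool = False            # set by the authentication step
    care_team_of: frozenset = frozenset()  # hypothetical attribute: patients treated


@dataclass(frozen=True)
class Resource:
    kind: str
    patient_id: str


def is_authorized(subject: Subject, action: str, resource: Resource):
    """Return (allowed, reason). Every path that is not an explicit grant denies."""
    # Authorization is evaluated only for an authenticated entity.
    if not subject.authenticated:
        return False, "not authenticated"
    # Role-based check: at least one held role must grant the action.
    granted = any(
        (action, resource.kind) in ROLE_PERMISSIONS.get(role, set())
        for role in subject.roles
    )
    if not granted:
        return False, "no role grants this action"
    # Attribute-based check: a role grant on clinical data is narrowed
    # to patients the subject actually treats (least privilege).
    if resource.kind == "patient_record" and resource.patient_id not in subject.care_team_of:
        return False, "patient not under this user's care"
    return True, "permitted"


if __name__ == "__main__":
    dr = Subject("u1", frozenset({"doctor"}), True, frozenset({"p1"}))
    print(is_authorized(dr, "view", Resource("patient_record", "p1")))
    print(is_authorized(dr, "modify", Resource("billing", "p1")))
```

Returning the reason alongside the decision lets the caller log why a request was denied, which is what an access review or audit will ask for.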
