AuthZ
Authorization determines what an authenticated user is allowed to do — which resources they can access and what actions they can perform.
⚙️ How Does It Work?
After authentication, the system checks the user's permissions, roles, or policy rules to decide if the requested action is permitted.
📍 Where Is It Used?
Every application layer — APIs, databases, cloud services, enterprise apps.
💡 Real-World Example
An authenticated user logs into an HR system. Her role authorizes her to view but not edit employee records. When she tries to delete a record, the system denies it — she is authenticated but not authorized.
🔗 Related Terms
Stay Ahead in Identity Security
Get weekly IAM, PAM & IGA insights via Identity Pulse.
Subscribe to Identity Pulse →