Authentication asks "Who are you?", while Authorization asks "What are you allowed to do?"
There are mainly two types: Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
In RBAC, a user is assigned a role (e.g., "HR Manager," "Software Engineer"). Permissions are attached to the role, not the specific user.
RBAC is package-based: permissions come bundled with the role.
ABAC is a highly flexible and modern approach that evaluates multiple attributes.
It looks at the User (Who?), the Resource (What file?), and the Action (Read/Write?); each combination will be an attribute.
ABAC is fine-grained.
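An added example (not part of the original notes) that runs the same request through an RBAC check and an ABAC check, showing where the role alone says yes and the attributes say no. The departments, the `classification` attribute and the ABAC rules are assumptions made for illustration.

```python
from dataclasses import dataclass

# RBAC: permissions are packaged with the role, not the specific user.
ROLE_PERMISSIONS = {
    "HR Manager": {("employee_record", "read"), ("employee_record", "write")},
    "Software Engineer": {("source_code", "read"), ("source_code", "write")},
}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    department: str  # assumed attribute

@dataclass(frozen=True)
class Resource:
    kind: str
    department: str      # assumed attribute: owning department
    classification: str  # assumed attribute: "internal" or "restricted"

def rbac_allows(user, resource, action):
    """Coarse decision: only the role and the (resource kind, action) pair matter."""
    return (resource.kind, action) in ROLE_PERMISSIONS.get(user.role, set())

def abac_allows(user, resource, action):
    """Fine-grained decision over user, resource and action attributes (default deny)."""
    if resource.kind != "employee_record" or user.role != "HR Manager":
        return False
    if user.department != resource.department:
        return False  # same role, wrong department
    if action == "read":
        return True
    if action == "write":
        return resource.classification != "restricted"
    return False

def compare(user, resource, action):
    """Return (rbac_decision, abac_decision) for one request."""
    return rbac_allows(user, resource, action), abac_allows(user, resource, action)

if __name__ == "__main__":
    alice = User("alice", "HR Manager", "EMEA")  # constructed sample data
    requests = [
        (Resource("employee_record", "EMEA", "internal"), "write"),
        (Resource("employee_record", "APAC", "internal"), "read"),
        (Resource("employee_record", "EMEA", "restricted"), "write"),
    ]
    for res, action in requests:
        print(res.department, res.classification, action, compare(alice, res, action))
```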