152

Basic question from a novice:

What is the difference between authentication and authorization?

informatik01

5 Answers

208
  • Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating.

  • Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization.

TheFiddlerWins
ThatGraemeGuy
  • 2
    To further clarify Authorization, read http://en.wikipedia.org/wiki/AAA_protocol#Authorization as much of CS uses the AAA definition of Authorization which basically means Access Control. – chankster Aug 21 '09 at 11:02
72

Authentication is about who somebody is.

Authorisation is about what they're allowed to do.

dave4420
19

Authentication: I am an employee of the company. Here is my ID badge.

Authorization: As an employee of the company, I am allowed entrance into the building.

Tyler Menezes
6

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords.
Authorization is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular.
For more information, please see Wikipedia.

Ali Mezgani
4

Authentication

Authentication confirms who you are. For example, you can log in to your Unix server using an ssh client, or access the server using a POP3 and SMTP email client. Typically, PAM (Pluggable Authentication Modules) is used to integrate low-level authentication schemes into a high-level application programming interface (API), which allows programs that rely on authentication to be written independently of the underlying authentication scheme.

Authorization

Authorization is the process to confirm what you are authorized to perform. For example, you are allowed to log in to your Unix server via an ssh client, but you are not allowed to browse /data2 or other file systems. Authorization occurs after authentication is successful. Authorization can be controlled at the level of the file system or using a variety of configuration options such as application-level chroot. Normally, the connection attempt should be good authentication and authorization by the system. You can easily find out why the connection attempts are either accepted or rejected with the help of two factors.

Jay Dan
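The two steps the answers describe, written as separate checks with distinct failure results. This is an added example, not code from any answer on this page; the user names, password and access list are constructed sample data, and `/data2` is borrowed from the last answer.

```python
import hashlib
import hmac
import os
import posixpath


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash; the stored value is never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data (assumptions for this example).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
ACL = {"/home/alice": {"alice"}, "/data2": {"bob"}}


def authenticate(username: str, password: str):
    """Authentication: is the caller who they claim to be?"""
    # Unknown users still cost one hash, so timing does not reveal valid names.
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    candidate = _hash(password, salt)
    if username in USERS and hmac.compare_digest(candidate, stored):
        return username
    return None


def authorize(identity: str, path: str) -> bool:
    """Authorization: may this already-verified identity touch this path?"""
    # Normalise first so "/home/alice/../../data2" is judged as "/data2".
    path = posixpath.normpath(path)
    for root, allowed in ACL.items():
        if path == root or path.startswith(root + "/"):
            return identity in allowed
    return False  # default deny: no rule means no access


def access(username: str, password: str, path: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "authentication failed"  # we do not know who this is
    if not authorize(identity, path):
        return "not authorized"         # we know who this is; they may not
    return "ok"
```

Keeping the two results distinct in logs makes it possible to tell a password-guessing pattern from a valid user probing resources they should not reach.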