Security |
Once a user has been authenticated, he or she will want access to certain resources maintained by the system such as files, printers, and database tables. Authorization is determined by verifying that the authenticated user has access to the resource.
Note For authorization to succeed, authentication must be performed first.
Access is resolved by comparing information about the user with access control information associated with the resource. If Cheryl is given full access, she can read, write, and delete a file called Info.txt. But suppose Alice has read-only access to this same file. If Alice attempts to write to or delete the file, she will be denied access.