Authorization is a security measure in computing designed to specify the access and usage privileges to such resources as data, files, programs, and devices.

Types of Authorization - by Resources

  • File authorization - specifies which users or roles are allowed to access certain files and programs that reside on the web server's file system
  • URL authorization
    • specifies which users or roles are allowed to access certain pages or directories in the application.
    • used by many ASP.NET websites with forms-based authentication to support user accounts and to define portions of the site that are only accessible to authenticated users or users that belong to a certain role.
  • Data authorization - specifies what users or roles are allowed to access certain databases and their associated resources of a DBMS.

Types of Authorization - by Entity

  • User-Based Authorization
    • specifies which web pages or entire directories are accessible only to a specified subset of users.
    • page-level functionality can be turned on or off based on the currently logged-in user through programmatic and declarative means.
  • Role-based Authorization
    • Applying authorization rules on a user-by-user basis can grow into a bookkeeping nightmare. A more maintainable approach is to use role-based authorization.
    • URL authorization rules can specify roles instead of users.
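
The difference between user-based and role-based URL authorization rules, shown as an ASP.NET web.config with forms authentication. This is an added example, not configuration from the original page; the directory paths (Reports, Admin), the login page, the user names and the role name are constructed for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example; paths, user names and role names are constructed. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <!-- Site-wide default. Rules are evaluated top to bottom and the
         first match wins. "?" matches anonymous users, so every page
         requires a login unless a location element overrides it. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- User-based rule: access is tied to individual accounts, so every
       staffing change means editing this list. -->
  <location path="Reports">
    <system.web>
      <authorization>
        <allow users="alice,bob" />
        <!-- Without this line an authenticated user who is not listed
             falls through to the inherited default, which allows all. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Role-based rule: the configuration names a role only; membership
       is managed in the role store, not in this file. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Placing the deny rule above the allow rule in either location block would lock everyone out, because the first matching rule decides the outcome.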