Authorization
Authorization is a security measure in computing designed to specify the access and usage privileges to such resources as data, files, programs, and devices.
Types of Authorization - by Resources
- File authorization
  - specifies what users or roles are allowed to access certain files and programs that reside on the web server's file system.
- URL authorization
  - specifies what users or roles are allowed to access certain pages or directories in the application.
  - used by many ASP.NET websites with forms-based authentication to support user accounts and to define portions of the site that are only accessible to authenticated users or users that belong to a certain role.
- Data authorization
  - specifies what users or roles are allowed to access certain databases and their associated resources of a DBMS.
Types of Authorization - by Entity
- User-Based Authorization
  - specifies which web pages or entire directories are accessible only to a specified subset of users.
  - page-level functionality can be turned on or off based on the currently logged-in user through programmatic and declarative means.
- Role-based Authorization
  - Applying authorization rules on a user-by-user basis can grow into a bookkeeping nightmare. A more maintainable approach is to use role-based authorization.
  - URL authorization rules can specify roles instead of users.
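
The user-based and role-based URL authorization rules described above, sketched as an ASP.NET web.config. This is an added example, not part of the original notes; the directory names (Members, Reports, Admin), the user names, the role name and Login.aspx are hypothetical.

```xml
<configuration>
  <system.web>
    <!-- Forms-based authentication: unauthenticated requests to a
         protected URL are redirected to the login page (hypothetical name). -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <!-- Role manager must be enabled for roles="..." rules to resolve. -->
    <roleManager enabled="true" />
  </system.web>

  <!-- Authenticated users only: "?" means anonymous users. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- User-based: every account is listed by name, so each hire, move
       or departure means editing this rule (the bookkeeping problem). -->
  <location path="Reports">
    <system.web>
      <authorization>
        <allow users="alice,bob" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Role-based: the rule names a role; membership is managed in the
       role store, not in this file. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <!-- Rules are evaluated top to bottom and the first match wins.
             "*" means everyone, so this closing deny blocks all others;
             without it the inherited default (allow all) would apply. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```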