
Authorization is the process of verifying a user's access rights to specific system resources or functionality. It happens after the user has been successfully authenticated.

Authorization is an important component of system security: it grants each user access only to the functions that their role allows.

When does authorization happen?

The user submits their login data, and the server verifies the user in several steps:

Identification

The server checks if a user with such an identifier (e.g., username) exists in the database

401 Unauthorized — if the user is not found

Authorization

The server checks if the user has rights to access the requested resource

200 OK — access granted

403 Forbidden — insufficient rights


The object of authorization can be a whole resource, a specific action on a resource, or a part of a resource:

Resource

Access to a specific object — project, task, course, request.

  • Public data
  • Private data

Operation

Whether certain actions on the resource can be performed:

  • Create
  • Read
  • Update
  • Delete

Part of data

The same object can be displayed differently depending on the user's role:

  • Test answers only visible to the teacher
  • Logs visible only to developers

It is important to remember that access must be restricted not only by hiding functions in the interface but also enforced on the API side; otherwise a user can call the API directly and bypass the interface.
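The following is an added example (not code from the original page) that puts the whole flow described above into one API-side check: identification with 401 for an unknown user, a 403 when the role may not perform the operation or reach a private resource, and field-level filtering so that test answers are returned only to the teacher and logs only to developers. The users, roles, courses and the permission matrix are constructed sample data; the authentication step (password or token check) is assumed to happen between identification and authorization and is not shown.

```python
from typing import Any

# Constructed users (not from the page): identifier -> role.
USERS = {
    "alice": {"role": "teacher"},
    "bob": {"role": "student"},
    "dana": {"role": "developer"},
}

# Operation-level rules: (role, resource type, operation) triples that are allowed.
# Anything not listed is denied (deny by default).
PERMISSIONS = {
    ("teacher", "course", "read"),
    ("teacher", "course", "update"),
    ("student", "course", "read"),
    ("developer", "course", "read"),
}

# Part-of-data rules: fields that only the listed roles may see.
# Fields not listed here are visible to anyone allowed to read the resource.
RESTRICTED_FIELDS = {
    "answers": {"teacher"},    # test answers only for the teacher
    "logs": {"developer"},     # logs only for developers
}

# Constructed resources. "public" decides whether non-members may read the course;
# a private course is only available to its members.
COURSES = {
    1: {"title": "Intro", "public": True, "members": {"alice", "bob"},
        "questions": ["2 + 2 = ?"], "answers": ["4"], "logs": ["created"]},
    2: {"title": "Advanced", "public": False, "members": {"alice"},
        "questions": ["x^2 = 9, x = ?"], "answers": ["3 or -3"], "logs": ["created"]},
}


def authorize(username: str, resource_id: int, operation: str) -> tuple[int, dict[str, Any]]:
    """Return (HTTP status, response body) for an operation on a course.

    This runs on the API side, so hiding a button in the interface is never the
    only thing standing between a user and the data.
    """
    # Identification: does a user with this identifier exist? 401 if not.
    user = USERS.get(username)
    if user is None:
        return 401, {"error": "Unauthorized"}
    # Authentication (password or token check) would sit here; omitted in this example.

    course = COURSES.get(resource_id)
    if course is None:
        return 404, {"error": "Not Found"}

    role = user["role"]

    # Authorization, operation level: may this role perform this operation on a course?
    if (role, "course", operation) not in PERMISSIONS:
        return 403, {"error": "Forbidden"}

    # Authorization, resource level: private data is only for members of the course.
    if not course["public"] and username not in course["members"]:
        return 403, {"error": "Forbidden"}

    # Authorization, part of data: return only the fields this role may see.
    visible = {
        name: value
        for name, value in course.items()
        if name not in RESTRICTED_FIELDS or role in RESTRICTED_FIELDS[name]
    }
    visible.pop("members", None)  # internal bookkeeping, never returned to clients
    return 200, visible


if __name__ == "__main__":
    for who, course_id, op in [("mallory", 1, "read"), ("bob", 1, "read"),
                               ("bob", 1, "update"), ("bob", 2, "read"),
                               ("alice", 2, "read"), ("dana", 1, "read")]:
        status, body = authorize(who, course_id, op)
        print(who, course_id, op, "->", status, sorted(body))
```

The three checks are deliberately ordered from cheapest to most specific (operation, then resource, then fields), and every rule table is deny-by-default: a new role or a new field gets no access until someone adds it explicitly.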
