Authorisation

Authorisation, alternatively spelled authorization in American English, is the act of granting permission or authority to perform a particular action, access a resource, or assume a role. It follows authentication, in which identity is verified, and is typically guided by policies, rules, and technical controls that specify permissible actions for different actors and contexts. Authorisation decisions may be automatic or human-mediated and can be time-bound, conditional, or revocable.

In legal and regulatory contexts, authorisation denotes formal approval from a competent authority, a licensing or permitting scheme, or contractual authorization. In business and information systems, authorisation defines access rights within a system or network. Common implementations include access control lists, role-based access control (RBAC), and attribute-based access control (ABAC). Core principles include least privilege, separation of duties, and the need-to-know to reduce risk.

In information security, authorisation determines whether a user or process has permission to perform a specific operation (for example, read, write, execute, delete) on a resource, at a given time and location, and may be enforced across applications, databases, and networks. In finance, authorisation covers the approval of transactions, payments, or transfers, often subject to fraud checks and regulatory controls.

Auditing and governance are integral to authorisation, providing traceability, accountability, and mechanisms to revoke or adjust permissions. The term is often contrasted with authentication (identity verification) and verification (claim validation).
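
The information-security sense described above can be shown as a default-deny decision function that combines a role-based grant (time-bound and revocable) with conditions on time and location, and records every decision for audit. This is an added example, not part of the original page; the roles, resources, network names and permitted hours are hypothetical, and the subject is assumed to have been authenticated already.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone

# Constructed policy for illustration; all role, resource and network names are hypothetical.
ROLE_PERMISSIONS = {  # RBAC: role -> permitted (resource, operation) pairs
    "clerk": {("invoice", "read")},
    "accountant": {("invoice", "read"), ("invoice", "write")},
}
ALLOWED_LOCATIONS = {"office-lan", "vpn"}    # ABAC condition on location
PERMITTED_HOURS = (time(8, 0), time(18, 0))  # ABAC condition on time of day (UTC)

@dataclass
class Grant:
    subject: str
    role: str
    expires: datetime      # time-bound
    revoked: bool = False  # revocable

@dataclass(frozen=True)
class Request:
    subject: str
    operation: str
    resource: str
    when: datetime
    location: str

def authorise(req, grants, audit_log):
    """Default deny: allow only if a live grant's role and the request context both permit it."""
    allowed, reason = False, "no grant for subject"
    for g in grants:
        if g.subject != req.subject:
            continue
        if g.revoked:
            reason = "grant revoked"
        elif req.when >= g.expires:
            reason = "grant expired"
        elif (req.resource, req.operation) not in ROLE_PERMISSIONS.get(g.role, set()):
            reason = f"role {g.role} lacks permission"
        elif req.location not in ALLOWED_LOCATIONS:
            reason = "location not allowed"
        elif not PERMITTED_HOURS[0] <= req.when.time() < PERMITTED_HOURS[1]:
            reason = "outside permitted hours"
        else:
            allowed, reason = True, f"granted via role {g.role}"
            break
    # Every decision, allow or deny, is recorded for later audit.
    audit_log.append((req.when.isoformat(), req.subject, req.operation, req.resource, allowed, reason))
    return allowed
```

Setting `revoked = True` on a grant, or letting `expires` pass, withdraws access at the next decision without touching the role definitions.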