Pushing Left, Like a Boss — Part 5.11 — Authorization (AuthZ)

This series, and my blog, have moved! Check it out!

---

Authorization (also known as ‘AuthZ’) is verifying that the user who is trying to perform an action within your application is allowed (is authorized/has permissions) to use that functionality. For instance, is the user an admin user? If so, allow them to view the admin page. If not, block access.

There are several different models used within our industry for authorization, with RBAC (Role based access control) being the most popular. RBAC means assigning people different roles in your system(s), just like people play different roles within your organization, and give them access based on the role they are assigned.

For instance, meet Emily, a hypothetical software developer who is new to my project team (pictured below).

#WOCinTechChat: Emily the Software Developer

As a software developer she is going to need access to all sorts of things; source control, perhaps permission to publish to the CD/CI pipeline, and various file systems.

Read the rest on my NEW blog!!

Comments

[Mike Samuel]

There are several different models used within our industry for authorization

In case you've not seen it, From ABAC to ZBAC by Karp et al. is quite accessible and contrasts quite a few.

A variety of access control models have been developed over the years, each designed to address different aspects of the problem. This report will examine the strengths and weaknesses of the various approaches as applied in a cross domain services and as implemented in common SOA frameworks.