What you're allowed to do
Day 140 of 149
The Movie Theater Analogy
At a movie theater:
- Authentication: Prove you bought a ticket
- Authorization: Check if your ticket is for VIP or regular
Authentication = who you are. Authorization = what you can do.
The Difference
| Authentication | Authorization |
|---|---|
| WHO are you? | WHAT can you do? |
| Login | Access control |
| Verify identity | Check permissions |
Role-Based Access Control (RBAC)
Most common approach:
```python
roles = {
    "admin": ["create", "read", "update", "delete"],
    "editor": ["create", "read", "update"],
    "viewer": ["read"],
}
```
Check: Does user's role include this permission?
Real Examples
- Google Docs: Owner → Editor → Commenter → Viewer
- GitHub: Admin → Write → Read
- Your app: Admin → Manager → User
HTTP Status Codes
- 401 Unauthorized: Not logged in (despite the name, this is an authentication failure)
- 403 Forbidden: Logged in, but no permission (an authorization failure)
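Putting the RBAC check and the two status codes together, here is an added example (not code from the original post) of a deny-by-default role check that returns 401 when there is no authenticated user and 403 when the user's role lacks the permission. The names `ROLES`, `User`, `has_permission` and `authorize` are assumptions for this illustration, not any framework's API; the sample requests at the bottom are constructed.

```python
# Added example: minimal role-based authorization with deny-by-default,
# plus the mapping of its outcomes to HTTP 401 vs 403.
# ROLES, User, has_permission and authorize are illustrative names, not a
# real framework's API.
from dataclasses import dataclass
from typing import Optional

# Role -> set of permissions the role grants (same data as the post's roles dict).
ROLES = {
    "admin": {"create", "read", "update", "delete"},
    "editor": {"create", "read", "update"},
    "viewer": {"read"},
}


@dataclass
class User:
    """An authenticated principal: who they are, and which role they hold."""
    name: str
    role: str


def has_permission(role: str, permission: str) -> bool:
    """Return True only if the role is known AND grants the permission.

    An unknown role maps to an empty set, so it gets nothing (deny by default)
    rather than raising or, worse, being treated as allowed.
    """
    return permission in ROLES.get(role, set())


def authorize(user: Optional[User], permission: str) -> int:
    """Decide the HTTP status for a request that needs `permission`.

    401 -> nobody is authenticated (authentication failed)
    403 -> authenticated, but the role lacks the permission (authorization failed)
    200 -> allowed
    """
    if user is None:
        return 401
    if not has_permission(user.role, permission):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample requests: (caller, action they attempt)
    requests = [
        (None, "read"),                    # anonymous -> 401
        (User("bob", "viewer"), "delete"), # viewer cannot delete -> 403
        (User("alice", "admin"), "delete"),# admin can delete -> 200
        (User("eve", "superuser"), "read"),# unknown role, denied -> 403
    ]
    for caller, action in requests:
        print(f"{caller!r:40} {action:8} -> {authorize(caller, action)}")
```

The check runs on the server for every action, after authentication has already established who the caller is; the role string is looked up, never trusted from the request body.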
In One Sentence
Authorization checks if an authenticated user has permission to perform a specific action.