Authorization (or establishment or entitlement) defines a user's (or process') rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource.
Here are some authorization strategies to improve security:
By default, grant users no rights and permissions
Grant users least-privilege rights and permissions on a "need to know" basis
Push authorization processes from upper/application layers to lower/OS layers as much as possible
Prepare or plan Role-Based authorization
Move from manual authorization management processes to automated authorization management processes with next-generation IAM role/group management products
Please be aware that Role-Based authorization will be a subset of Claim-Based authorization in the long term.
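The sketch below is an added example, not code from this page or from any product: a default-deny authorization check in which a role is just one claim type among others, so a role-based rule is a special case of a claim-based rule. The policy table, claim types, and principal names are all hypothetical.

```python
from dataclasses import dataclass

ROLE = "role"  # hypothetical claim type; a role is one kind of claim

@dataclass(frozen=True)
class Principal:
    name: str
    claims: frozenset  # set of (claim_type, value) pairs from authentication

# Hypothetical policy: (resource, action) -> alternative requirement sets.
# Every claim in at least one requirement set must be present.
# Any (resource, action) pair not listed here is denied.
POLICY = {
    ("payroll", "read"): [{(ROLE, "hr-analyst")}],
    ("payroll", "write"): [{(ROLE, "hr-admin"), ("mfa", "true")}],
    ("wiki", "read"): [{("department", "engineering")}, {(ROLE, "hr-analyst")}],
}

def is_authorized(principal, resource, action, policy=POLICY):
    """Default deny: grant only when an explicit, non-empty rule is satisfied."""
    requirement_sets = policy.get((resource, action))
    if not requirement_sets:
        return False  # no rule for this pair means no access
    # An empty requirement set would match everyone, so it grants nothing.
    return any(req and req <= principal.claims for req in requirement_sets)

def in_role(principal, role):
    """Classic role check, expressed as a lookup of a single claim."""
    return (ROLE, role) in principal.claims

# Constructed sample principals.
ALICE = Principal("alice", frozenset({(ROLE, "hr-analyst")}))
BOB = Principal("bob", frozenset({(ROLE, "hr-admin")}))
CAROL = Principal("carol", frozenset({(ROLE, "hr-admin"), ("mfa", "true")}))
DAVE = Principal("dave", frozenset())
ERIN = Principal("erin", frozenset({("department", "engineering")}))

if __name__ == "__main__":
    for p in (ALICE, BOB, CAROL, DAVE, ERIN):
        granted = [key for key in POLICY if is_authorized(p, *key)]
        print(p.name, granted)
```

Note that the hr-admin role does not imply payroll read access: each permission is granted explicitly, which keeps the policy least-privilege rather than hierarchical.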