Authorization ensures that each subject is given the correct privilege level.
This is done through access controls: they permit authorized entities (persons, processes, etc.) to perform authorized functions.
Access rights (the permissions) can have different levels of granularity, such as:
- Create
- Read
- Update
- Delete
- Full control (administrator)
Another layer of access control is entitlements: more granular access controls, often based on group membership. They enforce access rules.
Access controls are at the heart of information security: all of security comes down to who is on our system and what they can do on it, and, of course, having a record of all the activities taking place.
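
The pieces above (CRUD rights, group-based entitlements, and a record of every decision) combined in one short Python sketch. This is an added example, not part of the original notes; the subjects, groups and resource names are constructed sample data.

```python
from enum import Flag, auto

class Right(Flag):
    CREATE = auto()
    READ = auto()
    UPDATE = auto()
    DELETE = auto()
    FULL_CONTROL = CREATE | READ | UPDATE | DELETE  # administrator

# Constructed sample data: entitlements are granted to groups, per resource.
ENTITLEMENTS = {
    "hr-staff": {"employee-records": Right.READ | Right.UPDATE},
    "hr-admins": {"employee-records": Right.FULL_CONTROL},
    "auditors": {"employee-records": Right.READ, "audit-log": Right.READ},
}
# Subjects can be persons or processes; both get rights only through groups.
MEMBERSHIP = {
    "alice": {"hr-staff"},
    "bob": {"hr-admins", "auditors"},
    "backup-svc": {"auditors"},
}
AUDIT_LOG = []  # record of every authorization decision, allowed or denied

def effective_rights(subject, resource):
    """Union of the rights granted by every group the subject belongs to."""
    rights = Right(0)
    for group in MEMBERSHIP.get(subject, ()):
        rights |= ENTITLEMENTS.get(group, {}).get(resource, Right(0))
    return rights

def authorize(subject, action, resource):
    """Default deny: allow only if every requested right is granted."""
    granted = effective_rights(subject, resource)
    allowed = action != Right(0) and (action & granted) == action
    AUDIT_LOG.append({
        "subject": subject,
        "action": str(action),
        "resource": resource,
        "decision": "allow" if allowed else "deny",
    })
    return allowed

if __name__ == "__main__":
    authorize("alice", Right.READ, "employee-records")     # allowed
    authorize("alice", Right.DELETE, "employee-records")   # denied
    authorize("mallory", Right.READ, "employee-records")   # unknown subject, denied
    for entry in AUDIT_LOG:
        print(entry)
```

Denied requests are logged as well as allowed ones, so the audit record covers attempts as well as successful access.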