What is meant by authorization in information security?

Authorization in information security refers to the process of granting permission to access specific resources or perform certain actions. It occurs after a user's identity has been verified through authentication. Once a user is authenticated, authorization determines what that user is allowed to do within a system, such as accessing files, executing commands, or utilizing applications.

For example, an employee in a company might be authenticated through a secure login process, and once their identity is confirmed, the authorization process will define what data they are permitted to view or edit. This ensures that users have appropriate access levels based on their role or function within the organization, thereby protecting sensitive data and resources from unauthorized access.

The focus of authorization is primarily on permissions and access levels, which distinguishes it from other related concepts in information security, such as authentication (verifying identity) or auditing (tracking actions performed by users).