Authorization is the process of deciding if a user is allowed to have access to the requested service.
Authorization is checked after a user authenticates (i.e., confirms user identity).
Authorization to gain access to a given resource (computer, file, database record, etc.) is usually governed by a set of “permissions” or an “access control list.” These may, in turn, identify the users granted access directly by name or indirectly by some property, such as connecting IP address, membership in a group, or an attribute (such as primary affiliation with the University).
Authorization decisions may grant access to individual users, groups, roles, or users bearing other attributes. Technologies such as Internet2 applications (Grouper, Shibboleth) and LDAP-based directory servers (groups and roles) make it possible for departments and organizations to leverage shared information to control access more efficiently.
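
The access control list described above, as an added Python example that is not from the original page: entries grant access by name, group, attribute or connecting IP address, the check runs only after authentication, and anything unmatched is denied. The resource name, user names, group name, attribute key and network range are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Subject:
    name: str
    authenticated: bool          # result of the earlier authentication step
    source_ip: str               # connecting IP address
    groups: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)


# Constructed sample ACL for a hypothetical resource "grades-db".
# Each entry is (kind, value) and grants access through one kind of match.
ACL = {
    "grades-db": [
        ("user", "alice"),                                   # directly by name
        ("group", "registrar-staff"),                        # group membership
        ("attribute", ("primary_affiliation", "faculty")),   # user attribute
        ("network", "10.20.0.0/16"),                         # connecting IP
    ],
}


def entry_matches(kind, value, subject):
    """Return True if one ACL entry applies to this subject."""
    if kind == "user":
        return subject.name == value
    if kind == "group":
        return value in subject.groups
    if kind == "attribute":
        key, expected = value
        return subject.attributes.get(key) == expected
    if kind == "network":
        addr = ipaddress.ip_address(subject.source_ip)
        return addr in ipaddress.ip_network(value)
    return False  # unknown entry kinds never grant access


def is_authorized(subject, resource, acl=ACL):
    """Decide access: authentication first, then ACL match, else deny."""
    if not subject.authenticated:
        return False
    # Default deny: no ACL for the resource, or no matching entry, is refused.
    return any(entry_matches(k, v, subject) for k, v in acl.get(resource, []))
```
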