The first job after completing education is always special. I joined a software company, and on the very first day I got an ID card with my name and employee ID on it. HR said, “You are now authenticated to enter the company premises.” Wearing that ID card, I was able to enter the company premises, which was a multistory building.
I liked the building and went visiting from floor to floor. I tried swiping my card to unlock the gate on some random floors, but access was denied. The security guard said that I was not authorized to enter that floor as I belonged to some other team. That was a pretty exciting day.
Let’s come to the topic now – Authentication vs Authorization. One second! Did I just give a real-life example above?
The very first thing you should understand is that the two are not the same, and that they are not both about the word “access”.
Authentication is to prove identity and Authorization is related to access to resources.
In the above example, the ID card given by the company (not just any ID card is valid) is an example of authentication, i.e. identity: it proves that I am an employee of the company.
I was not allowed or authorized or given access to enter all the floors. I am an authenticated employee but not authorized to access all floors.
You might have heard the term IAM (Identity and Access Management), used by Amazon AWS, Google Cloud, etc. Identity is authentication and access is authorization.
Please note here that if you are not authenticated, you never reach the level of authorization. If I am not an employee of the company, I will not be able to enter the company premises at all, so there is no point in talking about access to floors.
Let’s understand authentication and authorization in a real application. We generally submit timesheets through an application. An employee logs in to the timesheets application with their credentials to submit hours. They do not have any access to approve the timesheets of other employees. But if a manager logs in, they see the option to approve the timesheets of their team members. The employee and the manager are both authenticated to access the timesheets application, but they are not authorized for the same actions.
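The timesheet scenario above as a small Python sketch. This is an added example, not code from the original post; the user names, passwords, team assignments and function names are all hypothetical. It shows authentication running first (failure is a 401) and authorization running only for a proven identity (failure is a 403), including a manager who is authenticated but is not the manager of that employee.

```python
import hashlib, hmac, os

class Unauthenticated(Exception): pass   # identity not proven (HTTP 401)
class Forbidden(Exception): pass         # identity proven, action not allowed (HTTP 403)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, role, manager=None):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role, "manager": manager}

# Constructed sample accounts: names, passwords and teams are hypothetical.
USERS = {
    "asha":  _user("asha-pass", "employee", manager="meera"),
    "ravi":  _user("ravi-pass", "employee", manager="john"),
    "meera": _user("meera-pass", "manager"),
}

def authenticate(username, password):
    """Authentication: check the credentials and return the proven identity."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        raise Unauthenticated("invalid credentials")
    return username

def authorize_approval(actor, owner):
    """Authorization: only the manager of the timesheet's owner may approve it."""
    if USERS[actor]["role"] != "manager" or USERS[owner]["manager"] != actor:
        raise Forbidden(f"{actor} may not approve {owner}'s timesheet")

def approve_request(username, password, owner):
    """Handle one approval request: authenticate first, then authorize."""
    try:
        actor = authenticate(username, password)   # who are you?
        authorize_approval(actor, owner)           # what may you do?
    except Unauthenticated:
        return "401 Unauthenticated"
    except Forbidden:
        return "403 Forbidden"
    return f"200 {owner}'s timesheet approved by {actor}"

if __name__ == "__main__":
    for args in [("meera", "meera-pass", "asha"), ("asha", "asha-pass", "ravi"),
                 ("meera", "meera-pass", "ravi"), ("asha", "wrong", "asha")]:
        print(args[0], "->", approve_request(*args))
```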