Make Selenium Easy

Authentication vs Authorization – Who vs Who+What

The first job after completing education is always special. I joined a software company, and on the very first day I got an ID card on which my name and employee ID were mentioned. HR said, "You are now authenticated to enter the company premises." By wearing that ID card I was able to enter the company premises, which was a multistory building.

I liked the building and was visiting it floor by floor. I tried swiping my card to unlock the gate on some random floors, but access was denied. The security guard said, "You are not authorized to enter this floor as you belong to some other team." A pretty exciting day that was.

Let’s come to the topic now: Authentication vs Authorization. One second! Did I just give a real-life example above?

The very first thing you should understand is that the two are not the same, and that not both of them are about “access”.

Authentication is to prove identity and Authorization is related to access to resources.

In the above example, the ID card given by the company (not just any ID card is valid) is an example of Authentication, i.e. identity: it proves that I am an employee of the company.

I was not allowed or authorized or given access to enter all the floors. I am an authenticated employee but not authorized to access all floors.

You might have heard the term IAM (Identity and Access Management), used by Amazon AWS, Google Cloud and others. Identity is Authentication and Access is Authorization.

Please note here that if you are not authenticated, you never reach the level of authorization. If I am not an employee of the company, I will not even be able to enter the company premises, so there is no point in talking about access to floors.

Let’s understand Authentication and Authorization in a real application. We generally submit timesheets through an application. An employee logs in to the timesheet application using their credentials to submit hours. They do not have any access to approve the timesheets of other employees. But if a manager logs in, they see the option to approve the timesheets of their team members. The employee and the manager are both authenticated to access the timesheet application, but they are authorized for different actions.
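The timesheet scenario above, written out as a small added example (not code from the original post). The user names, passwords, roles, teams and the `handle` function are constructed for illustration; the 401 and 403 return values follow the usual HTTP convention of 401 for a failed authentication and 403 for an authenticated user who lacks permission.

```python
import hashlib, hmac, os

def _hash(password, salt):
    # Salted, slow hash so stored credentials are not plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, role, team):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role, "team": team}

# Constructed sample directory: one employee and two managers.
USERS = {
    "asha": _user("asha-pass", "employee", "qa"),
    "ravi": _user("ravi-pass", "manager", "qa"),
    "meera": _user("meera-pass", "manager", "dev"),
}

def authenticate(username, password):
    """Authentication: WHO are you? Returns the identity or None."""
    user = USERS.get(username)
    if user is None:
        return None
    # Constant-time comparison of the derived hash with the stored one.
    if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return username
    return None

def authorize(identity, action, timesheet_owner):
    """Authorization: WHAT may this identity do to this timesheet?"""
    actor, owner = USERS[identity], USERS.get(timesheet_owner)
    if owner is None:
        return False
    if action == "submit":
        return identity == timesheet_owner        # only your own hours
    if action == "approve":
        return actor["role"] == "manager" and actor["team"] == owner["team"]
    return False                                  # default deny

def handle(username, password, action, timesheet_owner):
    identity = authenticate(username, password)
    if identity is None:
        return 401   # not authenticated: authorization is never evaluated
    if not authorize(identity, action, timesheet_owner):
        return 403   # authenticated, but not allowed to do this
    return 200
```

Note that `authorize` takes the identity returned by `authenticate`, never the raw user-supplied name, and that the approve check looks at the team as well as the role: a manager from another team is authenticated and is a manager, yet still gets 403.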


Author: Amod Mahajan

My name is Amod Mahajan and I am an IT employee with 6+ years of experience in software testing, staying in Bengaluru. My area of interest is automation testing. I started from the basics and went through many Selenium tutorials. Thanks to Mukesh Otwani, as his tutorials are easy and cover basics to advanced. I have a habit of exploring concepts by deep diving. I used to make notes. I thought of sharing my knowledge through posts, and now I am here. #KeepLearning #ShareLearning
