Authorisation
The process of determining what actions or resources an authenticated user or system is permitted to access.
In-Depth Explanation
Authorisation (or authorization) determines what an authenticated entity is allowed to do. After confirming identity (authentication), authorisation checks permissions to specific resources or actions.
Authorisation models:
- Role-Based Access Control (RBAC): Permissions assigned to roles, users assigned to roles
- Attribute-Based Access Control (ABAC): Decisions based on attributes (user, resource, environment)
- Policy-Based Access Control: Explicit policies define access rules
- OAuth scopes: Permissions granted during authorisation flow
Common patterns:
- Admin/user/guest roles
- Resource-level permissions (read/write/delete)
- Hierarchical access (org → team → user)
- Time-based access restrictions
Implementation:
- Store permissions in database or policy engine
- Check permissions before granting access
- Return 403 Forbidden for unauthorised requests
- Log authorisation decisions for audit
Business Context
Proper authorisation ensures users can only access what they need, protecting sensitive data and meeting compliance requirements like principle of least privilege.
How Clever Ops Uses This
We implement authorisation for Australian business AI systems, ensuring appropriate access controls for different user roles and data sensitivity levels.
Example Use Case
"Implementing role-based access where admins can train models, analysts can view results, and basic users can only query the AI."