What Is Authorisation? Definition & Comparison with Access Control

Most people know what the word "authorise" means in everyday life. We use this term to describe access based on some kind of role, status, or merit. For example, we're authorised to eat in the campus dining room due to our status as a college student. 

In computing terms, "to authorise" means to identify the digital resources someone can access after they log in to a system. 

If you're confused by these terms, don't worry. Let's dig a little deeper.

A Formal Authorisation Definition 

Authorisation is the process of matching users to the right digital assets. The work starts with policy. 

A person with authority, such as a department head or IT manager, determines what access a person should have. They could define access rules by:

  • Departments. Every person that works within a specific group has access to the same files. 
  • Titles. Access varies depending on the role a user plays within the company. 
  • Individuality. What a person can see depends on the work a person does, seniority within the company, or something else altogether. 

Crafting rules like this takes time and expertise, and it's often work people with seniority tackle. People with system administrator jobs can enforce the policies. This job typically involves solving user problems, so adding to or removing file access may become part of everyday work. 

How Does Authorisation Work? 

People gain access by following a series of predictable steps. 

Authorisation involves:

  • Authentication. Organisations can manage authentication in a variety of ways. They can require a name/password combination to allow the system to verify a person's identity. Almost half of all companies add to this process with two-factor authentication steps, such as tapping in a one-time code sent to a cell phone. A simple step like this cuts down on fraud. 
  • Database checks. With authentication complete, the system knows who you are and what administrators believe you should use in your work. 
  • Access control. The system unlocks access to these assets, and the user can begin work. 

Most people have used authorisation processes before, even if they didn't know it. Major systems use authorisation, inc