Recognize the concept of authorization as the matching of an authenticated entity to a list of information assets and corresponding access levels, which can happen in one of three ways.
• Authorization for each authenticated user
o This is where the system performs an authentication process to verify each entity and then grants access to resources for only that entity. This quickly becomes a complex and resource-intensive process in a computer system.
• Authorization for members of a group
o Comparatively speaking, the system matches authenticated entities to a list of group memberships and then grants access to resources based on the group’s access rights. This is the most common authorization method.
• Authorization across multiple systems
o Detail that a central authentication and authorization system verifies entity identity and grants it a set of credentials.