Authorization
The authorization is the third and last step of the process. The goal of authorization is to be sure that the given user has clearance to do what he is asking to do.
It is important that the three steps of the chain—identification, authentication, and authorization—are performed correctly, because if one of them fails, the whole security chain will fail.
There are multiple ways to grant privileges to a user, based on the access control model the system uses. The main access control models are:
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-based Access Control (RBAC)
Lattice-based Access Control (LBAC)
Mandatory Access Control
The MAC paradigm is very good if you don't trust your users, since you are only allowed to let new people. The downside is that it's very hard to keep up with all the permissions if your company is growing because very often the workload on the security administrators increases more than the linear increase of the people and projects...
