Delen via


Authorization Strategy

Authorization (or establishment or entitlement) defines a user's (or process') rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource.

Here are some authorization strategies to improve security:

  • By default, grant users no rights and permissions

  • Grant users least privileged rights and permissions on "need to know" basis

  • Push authorization processes from upper/applications layers to lower/OS layers as much as possible

  • Prepare or plan Role-Based authorization

  • Move from manual authorization management processes to automated authorization management processes with next generation IAM role/group management products

Please be aware of that Role-Base authorization will be a subset of Claim-Based authorization in long term.