Authorization is the process of deciding what authenticated users are allowed to do in a database. After authentication verifies “who you are,” authorization enforces which operations you can perform on which database objects (tables, views, procedures, etc.).
In most DBMS, authorization is managed through privileges and roles. Administrators use commands such as GRANT and REVOKE to give or remove specific rights like SELECT, INSERT, UPDATE, DELETE, and EXECUTE.
How Authorization Works
Each database object (for example, a table) has associated privileges.
Each authenticated user or role is assigned a set of privileges on those objects.
When a user runs a query or command, the DBMS checks whether the necessary privilege is granted; if not, the operation is denied.
For example:
GRANT SELECT ON EMPLOYEE TO analyst;
→ Allows the useranalystto read theEMPLOYEEtable but not modify it.
Why Authorization Matters
Least‑privilege principle:
Users get only the permissions they need, reducing risk if credentials are compromised.
Data confidentiality and integrity:
Sensitive data can be restricted to authorized users; write permissions can be tightly controlled.
Audit and compliance:
Clear permission rules support regulatory requirements and internal security policies.
For beginners, authorization is like a permission badge system: after showing your ID (authentication), the system checks your badge to see which rooms you can enter and what actions you can perform inside.
Summary
Authorization in DBMS controls what operations a user can perform on database objects after they are authenticated. It uses privileges and roles to enforce fine‑grained access control, ensuring that only authorized users can read, modify, or execute specific data and functions, which is essential for data security and compliance.