Operating Systems (OS)
Authentication & Authorization

In any secure computing environment, it’s essential to ensure that access to systems and data is granted only to the right users—and only for the actions they are permitted to perform. This is made possible through two core mechanisms: Authentication and Authorization. While they often work together, they serve different purposes and occur at different stages in the security process.


What is Authentication?

Authentication is the process of verifying the identity of a user or system. Before allowing access to any resource, a system must confirm that the person or process attempting to connect is genuinely who they claim to be.

Common Authentication Methods:

  • Something You Know: Passwords, PINs, or security questions.
  • Something You Have: Smart cards, OTP devices, mobile authenticators.
  • Something You Are: Biometrics like fingerprint, facial recognition, or retina scan.

Multi-Factor Authentication (MFA) combines two or more of the above to enhance security. For example, logging in with a password (something you know) and a mobile OTP (something you have).

Authentication Outcomes:

  • If successful, the user’s identity is confirmed.
  • If unsuccessful, access is denied without further evaluation.

What is Authorization?

Authorization is the process of determining what an authenticated user is allowed to do. It defines access levels and permissions granted to users for specific resources, like files, applications, or system settings.

Key Aspects of Authorization:

  • It happens only after authentication.
  • It checks roles, access control rules, or security policies.
  • It determines which operations (read, write, delete, or execute) a user may perform on a resource.

Examples:

  • A verified employee may be authenticated into the company portal, but only managers are authorized to access confidential reports.
  • A user may be authenticated to use a server but not authorized to install software on it.

How They Work Together

  • Authentication: “Who are you?”
  • Authorization: “What are you allowed to do?”

In most secure systems, once authentication succeeds, an access control system (like RBAC or ACLs) evaluates what resources the user can interact with and at what permission level. If both checks pass, the user can proceed with the task.
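
The two-stage check described above, as an added example that is not part of the original course material. It models the portal scenario from the Examples list with a small role-based permission table. The user names, passwords, role table, result strings, and PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; the iteration count is an assumption for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample data: one manager, one ordinary employee.
USERS = {
    "asha": make_user("correct horse", "manager"),
    "ben": make_user("battery staple", "employee"),
}
# RBAC table: role -> set of (resource, operation) pairs. Anything absent is denied.
ROLE_PERMISSIONS = {
    "manager": {("portal", "read"), ("confidential_report", "read")},
    "employee": {("portal", "read")},
}
_DUMMY = make_user("placeholder", "none")  # keeps unknown-user checks equally slow

def authenticate(username: str, password: str):
    """Stage 1, 'Who are you?': return the verified identity or None."""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return username if ok and username in USERS else None

def authorize(identity: str, resource: str, operation: str) -> bool:
    """Stage 2, 'What are you allowed to do?': default-deny role lookup."""
    role = USERS[identity]["role"]
    return (resource, operation) in ROLE_PERMISSIONS.get(role, set())

def access(username: str, password: str, resource: str, operation: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "DENY_UNAUTHENTICATED"  # authorization is never evaluated
    if not authorize(identity, resource, operation):
        return "DENY_UNAUTHORIZED"     # identity confirmed, permission missing
    return "ALLOW"
```

Keeping the two denial results distinct inside the system supports the auditability goal: a log can separate failed logins from permission violations by known users.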


Importance in System Security

  • Prevents unauthorized access and actions.
  • Protects sensitive information and system integrity.
  • Ensures accountability and auditability in multi-user systems.
  • Supports regulatory compliance (GDPR, HIPAA, etc.).