Think of this:
- Whether a stranger is authorized to enter your house without your permission?
- Whether you authorize your friend to take your car whenever he wants to go on a drive?
- Whether a co-employee is authorized to access your confidential information stored with Human Resource department?
You might be getting the hang of it. Authorization is all about "What can a person (or an identity, in the digital world) do?": do they hold the so-called "access rights" or "privileges" to the "resources" they want to use?
In practice, authorization takes the form of access policies that an organization sets for the resources it uses. These policies are created and/or controlled by an authority (usually a senior employee or a department head) and are formulated around the "principle of least privilege", which says that a user or identity should have only the minimum set of privileges needed to get their work done, and nothing beyond that.
In SQL Server, authorization is enforced with permissions, and we are free to bundle commonly needed permissions into roles and grant those instead of granting to individual users. Permissions are hierarchical: a permission granted at a higher level (the server, or a whole database) implies the corresponding permissions on everything beneath it (schemas, tables, and other securables), so they exist at the server level, at the database level, and on individual objects within a database.
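As an added illustration (this is example T-SQL written for this post, not code from the original), the following walks through the three levels mentioned above for a hypothetical reporting account. The login name ReportingApp, the database SalesDb, the table dbo.Orders and the role ReportReader are assumptions chosen for the example; substitute your own.

```sql
-- Added example, not part of the original post. All object names below
-- (ReportingApp, SalesDb, dbo.Orders, ReportReader) are assumed for illustration.

-- 1. Server level: a login identifies the principal to the instance.
--    (Prefer Windows/Entra authentication where you can; a SQL login is
--    used here only to keep the example self-contained.)
CREATE LOGIN ReportingApp WITH PASSWORD = 'Replace-with-a-generated-secret-1!';
GO

USE SalesDb;
GO

-- 2. Database level: map the login to a user in this database. Without this
--    mapping the login can reach the instance but cannot enter SalesDb.
CREATE USER ReportingApp FOR LOGIN ReportingApp;
GO

-- 3. Least privilege: bundle only the permissions the job needs into a role,
--    grant at the object level, and add the user to the role. Granting to the
--    role rather than the user means the next reporting account receives the
--    same reviewed set instead of an ad-hoc one.
CREATE ROLE ReportReader;
GRANT SELECT ON OBJECT::dbo.Orders TO ReportReader;
ALTER ROLE ReportReader ADD MEMBER ReportingApp;
GO

-- 4. Verify what was actually granted. sys.database_permissions shows the
--    explicit grants; fn_my_permissions shows the effective set for the
--    impersonated user, which is what the application will really get.
SELECT pr.name AS principal_name,
       pe.class_desc,
       pe.permission_name,
       pe.state_desc,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN ('ReportReader', 'ReportingApp');

EXECUTE AS USER = 'ReportingApp';
SELECT * FROM fn_my_permissions('dbo.Orders', 'OBJECT');  -- expect SELECT on the table
SELECT * FROM fn_my_permissions(NULL, 'DATABASE');        -- expect little beyond CONNECT
REVERT;
GO

-- 5. The hierarchy at work (do NOT run this for a real reporting account):
--    a database-level grant implies the same permission on every schema and
--    table beneath it, which is exactly what least privilege tells us to avoid.
-- GRANT SELECT ON DATABASE::SalesDb TO ReportReader;
```

The check in step 4 is the part worth keeping as a habit: compare the explicit grants with the effective permissions under impersonation, because role memberships (including the built-in public role and any fixed database roles the account was added to) can widen the effective set beyond what a single GRANT statement shows.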
I will talk more about authorization, the permission hierarchy, and the principle of least privilege in upcoming blog posts. So stay tuned!