2

What is the difference between access control and authorization? They do not mean same as there is a fine line between the two.

zaph
  • 917
  • 9
  • 11
Richa
  • 83
  • 5

2 Answers2

1

Access control is a broader concept that includes authentication, authorisation, accounting and possibly other components contributing to the control of access. Authorisation only concerns granting or denying permissions according to a security model and policies.

Changyu Dong
  • 4,198
  • 15
  • 15
0

According to CISSP

There are several areas within access control. Those areas include IAAA (Identification, Authentication, Authorization and Accountability), access control techniques & technologies, administration, control methods, control types, accountability, control practices, monitoring and threats to access control.

In addition, access control is more of a concept. It can be physical (gates) or logical (computers). Authorization tends to relate to logical only.

Authorization in software relates to:

  • Role-based access control (RBAC)
  • Attribute-based access control (ABAC)
  • Access control lists (ACL)
David Brossard
  • 101
  • 2