Authorisation is like the use of a password when logging in. Authentication is more like being able to prove that you are whom you claim to be, e.g. by possessing a private key. At least that's my understanding of it.
Information security is essential for almost all automated systems. Authentication and authorization are two mechanisms used in these systems to secure information. Authentication is used to identify a particular user in order to let him access a system. After authenticating the user to the system, authorization provides the necessary limits and accesses the user has. These policies are defined in a firewall or an Access Control List on a file server. Authorization applies only to authenticated users.
From the discussion of all peers in short we can say,
Authorization is a only a permission of grant access or some limit given within any organization (may be super admin) to particular user or employee, whereas authentication is the system procedure within the organization of verification of that given authority....
Authorization :- permission of grant access
Authorization :- verification of that grant permission
Thank you very much all of you have cleared my doubt 👏🙌🙏🏼
Authorization comes to play when you are given some privileges or can perform some sets of functions based on your access status. For instance, if you log in as a regular person, you can be granted access to some features other than that of a VIP or premium person. Or you could be given access to a particular feature of a system by permission WHILE Authentication is a form of validation or "screening" based on rendered or inputted data in order to confirm or meet with laid down requirements in a system. It could serve as an access way. For instance, if a user is meant to input just his first name in an input field, if he/she does so, he/she will be granted access but will be denied access if otherwise. That process, hence is known as Authentication
Identification occurs when a subject claims an identity (such as with a username) and authentication occurs when a subject proves their identity (such as with a password). Once the subject has a proven identity, authorisation techniques can grant or block access to objects based on their proven identities.
Let me tell a story. I was at train station waiting for my train. At the time, I was standing near a food stall, when an old man approached me and asked me to buy him a food. How I responded him, can you guess? Let me you about me, I never help who doesn't need help, but give everything I have, if it essential for needy ones. Let us come back to story, first I authenticated him that he has no money just by seeing his eyes and how he approached... yes, everyone authenticates the claim of having no money to take next step whether to help someone or not... This is authentication, that he has no money, but still we don't know he is needy one or not, whether we going to help him or not, which is next step... According to me, beggars are hopeless people and lazy people, but the old man who approached me isn't a beggar, so I authorized him as not a beggar, so final step is whether I going to help him or not, which will be based whether he is really a food needy one or not... yeah he is really a food needy one, he never asked me any money further after I bought him a food... Here I completely authorized him to have my help in getting his food... So authentication is used to verify whether credentials is true or not, if true then authorized to access certain features like I authenticated the old man for not having money, then only I authorized him to have my help based on some morals... If your morals aren't concrete and wise, then you'll be get fooled by imposters... LOL.
Authorisation spells out the extent to which a user is allowed to access a resource.
Authentication on the other hand spells out the credentials given to a particular user so as to access a resource/system