Authentication is about who somebody is.
Authorization is about what they’re allowed to do.
- Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating.
- Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization.
Example: Authentication is "I am an employee of the company; here is my ID badge." Authorization is "As an employee of the company, which resources am I allowed to access?"
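The two checks as separate steps, in an added example that is not part of the original page: a password logon (authentication) followed by a permission lookup on a directory (authorization). The user names, passwords, directory paths and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Salted, deliberately slow hash so stored credentials are never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample data: two employees and their credentials.
USERS = {"alice": _make_user("correct horse"), "bob": _make_user("hunter2-sample")}

# Constructed permissions: which users may access each directory.
ACL = {"/srv/payroll": {"alice"}, "/srv/handbook": {"alice", "bob"}}

# Placeholder record so an unknown user name costs the same work as a known one.
_DUMMY = _make_user("dummy")

def authenticate(username, password):
    """Who are you? Verify the claimed identity against the stored credential."""
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    return matches and username in USERS

def authorize(username, resource):
    """What may you do? Default deny: no ACL entry means no access."""
    return username in ACL.get(resource, set())

def request_access(username, password, resource):
    # Authorization is only evaluated for an identity that has been verified.
    if not authenticate(username, password):
        return "authentication failed"
    if not authorize(username, resource):
        return "authorization denied"
    return "access granted"

if __name__ == "__main__":
    print(request_access("alice", "correct horse", "/srv/payroll"))
    print(request_access("bob", "hunter2-sample", "/srv/payroll"))
    print(request_access("bob", "wrong password", "/srv/handbook"))
```

The second call is the case the distinction exists for: bob proves who he is, yet the permissions on the payroll directory do not include him.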