Authentication vs. Authorization

To refresh our knowledge: What is authentication? (How did we define it?)

We promised to introduce another concept that is related to authentication called authorization.

Authorization is a decision-making process of a system regarding whether a user, program, website, etc. is or isn't allowed to take an action.

In other words, as a result of an authorization process, the system will return one of two answers: yes or no as a response to your request to do something (e.g., accessing a file, deleting a file, installing a program, etc.)

Authorization is different from authentication because, for example, a user may authenticate themselves correctly to a system (e.g., enter the correct username + password combo,) but if he or she is not authorized to access the system in question, they will be denied access.