Authorization Strategy
Authorization (or establishment or entitlement) defines a user's (or process's) rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource.
Here are some authorization strategies to improve security:
By default, grant users no rights and permissions
Grant users least-privilege rights and permissions on a "need to know" basis
Push authorization processes from upper/application layers to lower/OS layers as much as possible
Prepare or plan Role-Based authorization
Move from manual authorization management processes to automated authorization management processes with next-generation IAM role/group management products
Please be aware that Role-Based authorization will be a subset of Claim-Based authorization in the long term.
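The default-deny and least-privilege items above, and the point that role-based authorization is a subset of claim-based authorization, can be seen in one small check. This is an added example, not part of the original page; the names Rule, is_authorized and role_rule, the claim types and the sample users are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Grants `action` on `resource` when every required claim is held."""
    resource: str
    action: str
    required_claims: frozenset  # set of (claim_type, value) pairs


def is_authorized(claims, resource, action, rules):
    """Default deny: True only when a rule explicitly grants the request."""
    held = set(claims)
    for rule in rules:
        if (rule.resource, rule.action) != (resource, action):
            continue
        # A rule with no required claims would grant access to everyone,
        # so treat it as a policy mistake and never match it.
        if rule.required_claims and rule.required_claims <= held:
            return True
    return False  # nothing matched: no rights, no permissions


def role_rule(role, resource, action):
    """A role-based grant is a claim rule that needs one 'role' claim."""
    return Rule(resource, action, frozenset({("role", role)}))


# Constructed sample policy (hypothetical resources and claim types).
RULES = [
    # Pure role-based grant, expressed as a single claim.
    role_rule("auditor", "payroll", "read"),
    # Claim-based grant: the role alone is not enough.
    Rule("payroll", "write", frozenset({
        ("role", "hr"), ("department", "finance"), ("mfa", "true"),
    })),
    # Misconfigured rule with no conditions; is_authorized ignores it.
    Rule("payroll", "delete", frozenset()),
]

# Constructed sample identities, each a list of (claim_type, value) pairs.
ALICE = [("role", "hr"), ("department", "finance"), ("mfa", "true")]
BOB = [("role", "hr"), ("department", "finance")]  # no MFA claim
CAROL = [("role", "auditor")]
NEW_USER = []  # authenticated, but holds no claims yet
```
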