Security + Exam Guide (Charles River Media Networking/Security)

Authorization is the second step in accessing protected data or objects. After a user has been identified, another set of standards is in place to determine which resources should be made available to the user, and what exactly the user may do with those resources. Most of the systems that we've just covered are based on this two-step process. Each has its own way of authenticating users, and in turn, each has a unique method of checking the access privileges of the resource being accessed. In addition, each system has a unique way of delivering these privileges in a secure manner. For instance, the types of file system access rights granted in the authorization process include but are not limited to the following:

• Read: Allows reading of files or listing the contents of directories.

• Write: Allows writing to files or adding files to directories.

• Execute: Allows the execution of program files.

• Append: Allows the addition of data to files or placement of subdirectories into directories.

• Delete: Allows the deletion of files or directories.

A user can also be granted any combination of these and other rights, which different operating systems label in different manners. As you'll see in the next section, system administrators, organizational policies, or even other users can determine these rights.