Networks are diverse environments, where the restricted and the unrestricted can share the same space. If users are not managed after given access, all information, including the ones that are private, can be viewed by anyone on the network. So it is very important to secure that dividing line.
Authorization is the process of granting privileges to users after they have been given access to the network [through authentication]. From here on, users are restricted to the permissions allowed to them.
In many organizations, network privileges mirror the roles of the users (sales, HR, management, etc). Generally, this boils down to who can access certain resources. These resources, like files and folders, are shared on the network and the users are then granted privileges; for example, the ability to read and write.
Locally, authorization can be implemented on a computer that is shared by multiple users. But within large environments, services [like Microsoft’s Active Directory] are more suitable for managing users and their assigned privileges.
Authorization goes beyond files and folders. The time that certain users are allowed access to the network or the amount of bandwidth they can use, can all be determined through permissions. This helps to bring an additional layer of security to the network.
So, authorization is the process of managing users within a network. It is accomplished by assigning privileges, which are mainly base on users’ roles within an organization.