Difference between revisions of "Authorization"

From Clinfowiki
Line 1: Line 1:
 
'''Authorization''' is the process specifying access rights to resources. It defines who is authorized to do and see what. Along with [http://www.clinfowiki.org/wiki/index.php/Authentication authentication ] and audit, authorization is one of the three pillars of security in any given system. Authorization designed well will not prevent providers from their patient care activities.
 
'''Authorization''' is the process specifying access rights to resources. It defines who is authorized to do and see what. Along with [http://www.clinfowiki.org/wiki/index.php/Authentication authentication ] and audit, authorization is one of the three pillars of security in any given system. Authorization designed well will not prevent providers from their patient care activities.
  
[[Authorization Types]]
+
Authorization Types
 
Authorization can be user based, role based, or context based.
 
Authorization can be user based, role based, or context based.
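Review bot: The added line "Authorization Types" replaces the `[[Authorization Types]]` link with bare text, so the section title now carries neither link nor heading markup and renders as a plain line that runs into the sentence after it. Mark it up as a section heading, for example `== Authorization Types ==`, so it stands apart from "Authorization can be user based, role based, or context based."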
  

Revision as of 00:28, 21 November 2011

Authorization is the process of specifying access rights to resources. It defines who is authorized to do and see what. Along with authentication and audit, authorization is one of the three pillars of security in any given system. Well-designed authorization will not prevent providers from carrying out their patient care activities.

Authorization Types

Authorization can be user based, role based, or context based.

User based

In user based authorization, access rights are assigned to individuals based on who they are as an individual. For example: Dr. Smith has the right to...

Role based

In role based authorization, rights are assigned to individuals based on their role in the organization. For example: All doctors have the right to view... This form of access granting is usually more scalable than the user based type, because when new users are added to the system, the set of rights can stay the same and only the new user is added to the list.

Context based

In context based authorization, rights are assigned to individuals based on who they are and where they are or what they are doing. This form of authorization is the most secure among the three forms.
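The three authorization types side by side, as an added example that is not part of the original wiki page. All users, roles, resources, locations and rules are constructed for illustration, and requiring both the location and the activity to match is an assumption of this sketch.

```python
from dataclasses import dataclass

# Constructed sample data: all users, roles, resources and rules are hypothetical.
USER_RIGHTS = {"dr_smith": {("chart:1001", "view")}}           # user based
USER_ROLES = {"dr_smith": "doctor", "pat_lee": "clerk"}        # role membership list
ROLE_RIGHTS = {"doctor": {"view", "order"}, "clerk": {"schedule"}}
# Context based: a role's right applies only in these locations and activities.
CONTEXT_RULES = {("doctor", "view"): {"locations": {"ward", "clinic"},
                                      "activities": {"treating"}}}

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    location: str = ""
    activity: str = ""

def user_based(req: Request) -> bool:
    """Right granted to the named individual for a specific resource."""
    return (req.resource, req.action) in USER_RIGHTS.get(req.user, set())

def role_based(req: Request) -> bool:
    """Right granted to everyone holding the role; unknown users are denied."""
    role = USER_ROLES.get(req.user)
    return req.action in ROLE_RIGHTS.get(role, set())

def context_based(req: Request) -> bool:
    """Role right plus a check of where the user is and what they are doing."""
    rule = CONTEXT_RULES.get((USER_ROLES.get(req.user), req.action))
    if rule is None or not role_based(req):
        return False  # default deny when no context rule covers the request
    return req.location in rule["locations"] and req.activity in rule["activities"]

def add_user(user: str, role: str) -> None:
    """Onboarding touches only the membership list; ROLE_RIGHTS is unchanged."""
    USER_ROLES[user] = role

if __name__ == "__main__":
    add_user("dr_jones", "doctor")
    for req in (Request("dr_jones", "chart:1001", "view", "ward", "treating"),
                Request("dr_jones", "chart:1001", "view", "remote", "treating")):
        print(req.location, user_based(req), role_based(req), context_based(req))
```

The new doctor gets role rights without any change to the rights table, has no user based right until one is granted individually, and is denied by the context check when the request comes from a location the rule does not list.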