re: AUTHentication VS AUTHorization


Good, clear distinction - well said.

On authorization, I suggest thinking about admins and support people being NOT authorized to change data or transactions posted by regular users.

In some situations, that level of permission may be appropriate but it's worth thinking about.

I have worked in financial services (as lead user, primary on-site support person, and liaison with software techs) where internally changing data is a serious business. Therefore, the system(s) we worked with deliberately precluded making data changes other than via the normal user-facing software.
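As an added illustration of the authorization point made above (this is example code written for this page, not the poster's system or any particular product), the sketch below models a ledger where "admin" and "support" roles are granted read access only, and amendments to a transaction are possible solely for the regular user who posted it, through the normal posting path. The role names, policy table, `Ledger` class and audit tuple layout are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Role(Enum):
    USER = "user"
    SUPPORT = "support"
    ADMIN = "admin"


class Action(Enum):
    VIEW = "view"
    POST = "post"
    AMEND = "amend"


# Constructed policy: the set of actions each role may perform on transactions.
# Deliberately, neither SUPPORT nor ADMIN is granted POST or AMEND; those
# actions exist only for the regular user who owns the transaction.
POLICY = {
    Role.USER: {Action.VIEW, Action.POST, Action.AMEND},
    Role.SUPPORT: {Action.VIEW},
    Role.ADMIN: {Action.VIEW},
}


@dataclass(frozen=True)
class Principal:
    name: str      # identity established by authentication (assumed already done)
    role: Role


@dataclass
class Transaction:
    tx_id: str
    owner: str     # name of the principal that posted it
    amount: int    # minor currency units, e.g. cents


class AuthorizationError(PermissionError):
    """Raised when a principal attempts an action the policy does not allow."""


def is_authorized(who: Principal, action: Action, tx: Optional[Transaction]) -> bool:
    """The role must grant the action, and for AMEND the actor must also own the record."""
    if action not in POLICY[who.role]:
        return False
    if action == Action.AMEND and (tx is None or tx.owner != who.name):
        return False
    return True


@dataclass
class Ledger:
    transactions: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)   # (actor, role, action, tx_id, outcome)

    def _enforce(self, who: Principal, action: Action, tx: Optional[Transaction]) -> None:
        # Every decision, allowed or denied, is recorded so attempts by
        # privileged roles to change user data are visible afterwards.
        ok = is_authorized(who, action, tx)
        self.audit.append((who.name, who.role.value, action.value,
                           tx.tx_id if tx else None, "allow" if ok else "deny"))
        if not ok:
            raise AuthorizationError(f"{who.name} ({who.role.value}) may not {action.value}")

    def post(self, who: Principal, tx_id: str, amount: int) -> Transaction:
        self._enforce(who, Action.POST, None)
        tx = Transaction(tx_id, who.name, amount)
        self.transactions[tx_id] = tx
        return tx

    def amend(self, who: Principal, tx_id: str, amount: int) -> Transaction:
        tx = self.transactions[tx_id]
        self._enforce(who, Action.AMEND, tx)
        tx.amount = amount
        return tx

    def view(self, who: Principal, tx_id: str) -> Transaction:
        tx = self.transactions[tx_id]
        self._enforce(who, Action.VIEW, tx)
        return tx


def demo() -> dict:
    """Run the scenario from the post with constructed principals and return the outcomes."""
    ledger = Ledger()
    alice = Principal("alice", Role.USER)
    bob = Principal("bob", Role.USER)
    helpdesk = Principal("helpdesk", Role.SUPPORT)
    root = Principal("root", Role.ADMIN)

    ledger.post(alice, "tx-1", 1000)
    results = {}
    for actor in (alice, bob, helpdesk, root):
        try:
            ledger.amend(actor, "tx-1", 999)
            results[actor.name] = "amended"
        except AuthorizationError:
            results[actor.name] = "denied"
    results["final_amount"] = ledger.view(root, "tx-1").amount
    results["denials_logged"] = sum(1 for entry in ledger.audit if entry[4] == "deny")
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the design is that "admin" is just another role in the policy table rather than a bypass of it: the only code path that mutates a transaction is `Ledger.amend`, and it consults the same `is_authorized` check as everyone else, so a support or admin account has no in-application route to alter a user's posting, and every denied attempt leaves an audit entry.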

