What is Authorization
Checking which data and actions an already authenticated user or service is allowed to access.
Definition
Authorization answers not the question “who are you?” but the question “what can you do?” This is especially important in AI systems: an assistant can see documents, send emails, call APIs and perform actions on behalf of a person. Incorrect access rights create a risk of data leakage and abuse.
Example
An employee is logged into a corporate assistant but sees only the documents of their own department, not the financial reports of the entire company.
Why it matters
The term is important for the safe implementation of AI agents and assistants that connect to internal systems.
How it works
After authentication, the system checks roles, rights, access policies, groups, request context and allowed actions.
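The check described above, applied to the department example, as an added sketch that is not code from any particular product. The role names, document titles and the `required_role` field are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy (hypothetical role names): role -> allowed actions.
ROLE_ACTIONS = {
    "employee": {"read"},
    "finance_analyst": {"read"},
    "mail_delegate": {"read", "send_email"},
}

@dataclass(frozen=True)
class User:
    name: str
    department: str
    roles: frozenset = frozenset()

@dataclass(frozen=True)
class Document:
    title: str
    department: str
    required_role: str = ""  # extra role needed, e.g. for company-wide reports

def is_allowed(user: User, action: str, doc: Document) -> bool:
    """Deny by default: every check must pass before access is granted."""
    granted = set()
    for role in user.roles:
        granted |= ROLE_ACTIONS.get(role, set())  # unknown roles grant nothing
    if action not in granted:
        return False  # no role permits this action
    if doc.required_role and doc.required_role not in user.roles:
        return False  # sensitive resource needs an explicit role
    return doc.department == user.department  # request context must match

def documents_for_assistant(user: User, docs: list) -> list:
    """Filter before retrieval, so denied documents never reach the assistant."""
    return [d.title for d in docs if is_allowed(user, "read", d)]

# Constructed sample data.
DOCS = [
    Document("Sales playbook", "sales"),
    Document("Finance team wiki", "finance"),
    Document("Company financial report", "finance", required_role="finance_analyst"),
]
ALICE = User("alice", "sales", frozenset({"employee"}))
BOB = User("bob", "finance", frozenset({"employee", "finance_analyst"}))

if __name__ == "__main__":
    print(documents_for_assistant(ALICE, DOCS))  # ['Sales playbook']
    print(documents_for_assistant(BOB, DOCS))
```

Filtering happens before documents are handed to the assistant, so a prompt cannot talk the model into revealing content it was never given.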
Where it is used
- corporate assistants
- access to documents
- API and agent protection
Limitations
Rights that are too broad are dangerous, while rights that are too narrow get in the way of work. Apply the principle of minimum necessary access (least privilege) and review rights regularly.
