08. Authorization
ND035 C04 L01 A04.1 Authorization
RBAC
In the video, Sareeta mentioned that authorization is usually implemented as Role-Based Access Control, which is commonly abbreviated as RBAC. In RBAC, access is given based on a user's role—as a manager, engineer, customer service representative, etc.
Permissions can then be given (and limited) to users based on their roles. That way, each type of user only has limited access—they are able to access only the specific things they need for their particular job.
ND035 C04 L01 A04.2 Authorization
Authentication and authorization are different, yet related. You can't grant a right to a user (i.e., authorize that user) without first knowing who that user is (i.e., by authenticating their identity).
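The two ideas above, role-based permissions and authentication as a precondition for authorization, combined in one deny-by-default check. This is an added example, not code from the course; the role names follow the examples in the text, while the permission strings, session tokens and user names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role-to-permission table; role names follow the page's examples,
# the permission strings are assumptions made for illustration.
ROLE_PERMISSIONS = {
    "manager": {"report:read", "report:approve", "ticket:read"},
    "engineer": {"code:read", "code:write", "ticket:read"},
    "customer_service": {"ticket:read", "ticket:reply"},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

# Constructed session store standing in for the authentication step.
SESSIONS = {
    "tok-alice": User("alice", frozenset({"manager"})),
    "tok-bob": User("bob", frozenset({"customer_service"})),
    "tok-eve": User("eve", frozenset({"intern"})),  # role with no grants
}

def authenticate(token: Optional[str]) -> Optional[User]:
    """Return the user behind a session token, or None if unknown."""
    return SESSIONS.get(token) if token else None

def permissions_for(user: User) -> set:
    """Union of permissions over all roles; unknown roles grant nothing."""
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted

def authorize(token: Optional[str], permission: str) -> str:
    """401 when identity is unknown, 403 when no role grants the permission."""
    user = authenticate(token)
    if user is None:
        return "401 unauthenticated"
    if permission not in permissions_for(user):
        return "403 forbidden"
    return "200 allowed"

if __name__ == "__main__":
    for tok, perm in [("tok-alice", "report:approve"), ("tok-bob", "report:approve"),
                      ("tok-eve", "ticket:read"), (None, "ticket:read")]:
        print(tok, perm, "->", authorize(tok, perm))
```

The 401 and 403 results keep the two failures distinct: the first means the caller's identity is unknown, the second means the identity is known but its roles do not include the requested permission.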
What is authorization?