
Authorization Enforcer

Classification Key: Perimeter Security, Information Disclosure


Authentication is the process of verifying the digital identity of the sender. Authorization is the process of access control: deciding whether a program or a person has the privilege to access some data, functionality or service. Controlling access to system resources, and especially to data, is a key requirement for application security. How do we specify who is authorized to access specific resources in a system?


Indicate, in a suitable representation, who is authorized to access what and in what way. Specify policies to define all the needed access to resources.
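
One way to represent such a policy and enforce it, as an added example (not code from the catalog or the pattern's authors): each rule is a (subject, resource, mode) triple, and the protected resource routes every operation through the enforcer. The names `Rule`, `AuthorizationEnforcer`, `OrderStore` and the sample policy are assumptions, as is the default-deny choice; the subject is assumed to be already authenticated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    subject: str   # who is authorized
    resource: str  # to access what
    mode: str      # in what way, e.g. "read" or "write"

class AuthorizationError(Exception):
    """Raised when no rule authorizes the requested access."""

class AuthorizationEnforcer:
    def __init__(self, rules):
        self._rules = frozenset(rules)

    def is_authorized(self, subject, resource, mode):
        # Default deny (assumed design choice): only an explicit rule grants access.
        return Rule(subject, resource, mode) in self._rules

    def enforce(self, subject, resource, mode):
        if not self.is_authorized(subject, resource, mode):
            raise AuthorizationError(f"{subject} may not {mode} {resource}")

class OrderStore:
    """Hypothetical protected resource; every operation passes through the enforcer."""
    def __init__(self, enforcer):
        self._enforcer = enforcer
        self._orders = {"order-1": "2 books"}

    def read(self, subject, order_id):
        self._enforcer.enforce(subject, "orders", "read")
        return self._orders[order_id]

    def write(self, subject, order_id, value):
        self._enforcer.enforce(subject, "orders", "write")
        self._orders[order_id] = value

# Constructed sample policy: alice may read and write orders, bob may only read.
POLICY = [Rule("alice", "orders", "read"), Rule("alice", "orders", "write"),
          Rule("bob", "orders", "read")]

def demo():
    store = OrderStore(AuthorizationEnforcer(POLICY))
    results = [store.read("bob", "order-1")]       # allowed by bob's read rule
    try:
        store.write("bob", "order-1", "99 books")  # no write rule for bob
    except AuthorizationError as exc:
        results.append(str(exc))
    return results
```

Because the check lives in one enforcer object, changing who may do what means editing the policy data, not the resource code.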

Known Uses

Access control systems for Unix, Windows, the Amazon storefront, etc.

Related Patterns

Role Based Access Control, Reference Monitor


Wiley Book


Access Control


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz