What you're allowed to do

Day 140 of 149

The Movie Theater Analogy

At a movie theater:

- Authentication: Prove you bought a ticket
- Authorization: Check if your ticket is for VIP or regular

Authentication = who you are. Authorization = what you can do.

The Difference

| Authentication | Authorization |
| --- | --- |
| WHO are you? | WHAT can you do? |
| Login | Access control |
| Verify identity | Check permissions |

Role-Based Access Control (RBAC)

Most common approach:

```python
roles = {
    "admin": ["create", "read", "update", "delete"],
    "editor": ["create", "read", "update"],
    "viewer": ["read"]
}
```

Check: Does user's role include this permission?…
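
The role check described above, written out as an added example (not code from the original post). It reuses the post's role table and denies by default; the exception classes, the `requires` decorator, the `delete_post` handler and the sample users are hypothetical names constructed for illustration.

```python
from functools import wraps

# Role table from the post; frozensets so entries cannot be mutated at runtime.
ROLES = {
    "admin": frozenset({"create", "read", "update", "delete"}),
    "editor": frozenset({"create", "read", "update"}),
    "viewer": frozenset({"read"}),
}

class NotAuthenticated(Exception):
    """No verified identity (the 'who are you?' step failed; HTTP 401)."""

class NotAuthorized(Exception):
    """Identity is known but the role lacks the permission (HTTP 403)."""

def is_allowed(role, permission):
    # Deny by default: a missing, misspelled or non-string role grants nothing.
    if not isinstance(role, str):
        return False
    return permission in ROLES.get(role, frozenset())

def requires(permission):
    """Decorator: run the handler only if the user's role grants `permission`."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(user, *args, **kwargs):
            if user is None:  # authentication did not produce an identity
                raise NotAuthenticated("login required")
            if not is_allowed(user.get("role"), permission):
                raise NotAuthorized(f"{user.get('name')} may not {permission}")
            return handler(user, *args, **kwargs)
        return wrapper
    return decorator

@requires("delete")
def delete_post(user, post_id):
    return f"post {post_id} deleted by {user['name']}"

if __name__ == "__main__":
    # Constructed sample users.
    alice = {"name": "alice", "role": "admin"}
    bob = {"name": "bob", "role": "viewer"}
    print(delete_post(alice, 7))
    for u in (bob, None):
        try:
            delete_post(u, 7)
        except (NotAuthenticated, NotAuthorized) as exc:
            print(type(exc).__name__, exc)
```

Role names are matched exactly, so `"Admin"` is treated as an unknown role and gets no permissions.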