During authorization, rights are assigned to the user. They authorize the user to perform a certain action. In order to achieve effective protection, when assigning rights, the user should only be authorized for the resources that he absolutely needs.
Authorization requires verification of the person or communication device performing the action. Only after authorization can the desired action or transaction be executed. For example, a transaction using a credit card is first authorized by the credit card issuer after the card data has beenverified.