Authorize with Access Control Lists
Authentication is usually half of what you need from your auth process. You authenticate to know who’s behind the client so you can then complete the auth process by authorizing whoever is behind the client for whatever action they’ve attempted. As I mentioned earlier, authorization is the process of verifying what someone has access to.
The simplest way to implement authorization is with an access control list (ACL).[26] An ACL is a table of rules where each row says something like “Subject A is permitted to do action B on object C.” For example: Alice is permitted to read Distributed Services with Go. In this example, Alice is the subject, to read is the action, and Distributed Services with Go is the object. ...
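A sketch of such a rule table in Go, added here as an illustration and not code from the book: the `ACL` type, `ParseACL`, `Authorize` and the comma-separated row format are assumptions made for this example. It denies any subject, action and object triple that has no row, and rejects a malformed row outright.

```go
package main

import (
	"fmt"
	"strings"
)

// rule is one ACL row: subject is permitted to do action on object.
type rule struct{ subject, action, object string }

// ACL is the set of permit rules. Any triple not listed is denied.
type ACL map[rule]bool

// ParseACL reads rows of the form "subject, action, object" (a format made up
// for this example). A malformed row is an error rather than a skipped line.
func ParseACL(policy string) (ACL, error) {
	acl := ACL{}
	for n, line := range strings.Split(policy, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank line or comment
		}
		f := strings.Split(line, ",")
		if len(f) != 3 {
			return nil, fmt.Errorf("line %d: want 3 fields, got %d", n+1, len(f))
		}
		r := rule{strings.TrimSpace(f[0]), strings.TrimSpace(f[1]), strings.TrimSpace(f[2])}
		if r.subject == "" || r.action == "" || r.object == "" {
			return nil, fmt.Errorf("line %d: empty field", n+1)
		}
		acl[r] = true
	}
	return acl, nil
}

// Authorize reports whether subject may do action on object. Matching is exact
// and case-sensitive; an unknown triple, or a nil ACL, is denied.
func (a ACL) Authorize(subject, action, object string) bool {
	return a[rule{subject, action, object}]
}

// samplePolicy is constructed for this example.
const samplePolicy = "# subject, action, object\nalice, read, Distributed Services with Go\n"

func main() {
	acl, err := ParseACL(samplePolicy)
	if err != nil {
		panic(err)
	}
	fmt.Println(acl.Authorize("alice", "read", "Distributed Services with Go"))
}
```

Because a row is split on commas, this format cannot express an object name that itself contains a comma.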