Authorization or authentication

hi, is Authorization needed? I am going to build a market place where customer, vendor and admin is. can I handle it through authentication?

Yes, off course you need to add the Authorization for the limit users. You can set policy for each user allow some action or not allowed.

Authentication is for deciding who the visitor is. Authorization is for deciding what they are allowed to do.


And another voice says ‘yes’.

Take a little time to get familiar with the Policy system that will be available when you start using Authorization.

Thank you so much

Thank you so much

i read article in theory, what is Authorization. Authorization used new world to authorize third-party access. like to access to google sheet.

Here cake use similar by allowing resources. but in IT fundamental is terminology correct?

We have two types of access SAML and Authorisation.

I directly can see authentication as SAML.

is there any security risks of using authorisation due to mis-interpretation?

I don’t understand your question. Are you asking about security risks of using authorization in general, or using authorization to do more than just authorize? Or are you asking something else entirely different?

Thank you Jim for replying. I am asking about authorization and CakePHP authorization risk. When say Authorization under common terms it refers to give access to third-party login. like single sign-on. But in web development we need access this is more similar to SAML.

so changing names and incorporating part technology is there a security risk?