What is fine grained authorization?

Published by Alex Olivier on September 03, 2023

Fine grained authorization - sometimes referred to as "fine grained access control" - is a form of access control in computer and information systems that lets a business or organization decide, per request, whether a particular caller may access a particular resource or perform a particular action. The decision is based not on one broad factor but on a combination of attributes of the caller, attributes of the resource being accessed, and conditions evaluated at the time of the request. Fine grained authorization is used by Fortune 500 companies, high-tech firms, financial institutions, online communities and others.

The key characteristics of fine grained authorization

Fine grained authorization stands in contrast to coarse-grained authorization, which applies far less precise access control because it decides on a single, broad factor. Here are the key characteristics of fine grained authorization:

  • Granularity: Granularity here means specificity. Rather than allowing every employee who can reach a resource to read or modify it, the system only allows callers whose account carries particular attributes to gain access or perform the action, and even then further conditions, such as the time of day, may have to hold.
  • Attributes: Each person with access to the system carries a set of attributes, typically their identity, role within the organization, department, location and more. For instance, a manager may be allowed access to certain materials while their administrative assistant is denied. The resources themselves also have attributes that take part in the decision, such as which team owns a record or how sensitive it is. Resource attributes supply the additional context that determines who can access a given resource and who can't, so different resources of the same type can be protected to different levels of sensitivity.
  • Conditions: Conditions extend beyond simple criteria like subscription level or security clearance. They can express logic and calculations over attribute values, taking into account the roles and attributes of both the caller and the resource. Conditions are therefore dynamic and highly specific: they can factor in the time of day, the caller's location, the platform the request comes from, and even real-time data or the context of the transaction being performed.
  • Type of resource: Fine grained authorization is most often used to ensure that only those who need access to specific digital resources have it. For example, not everyone has a valid reason to read or edit the customer database or to view company financial records.
  • Auditing access: Because each decision is the result of evaluating explicit policy against named attributes, every decision can be recorded together with the caller, the resource, the action, the attribute values involved and the rule that produced it. This makes auditing who could access what, and why, simple, fast and authoritative.

Difference between fine grained and coarse grained authorization

Fine grained authorization combines numerous attributes and conditions to provide a high degree of access control for complex systems such as scalable, cloud-based applications. With coarse grained authorization, access is typically allowed or denied based on a single factor such as the user's role, so everyone holding that role receives the same access to every resource of a given kind, regardless of which resource it is or the circumstances of the request.
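The following Python program is an added example, not code from the original post and not Cerbos' API or policy format. It models the characteristics listed above (principal attributes, resource attributes, conditions on time of day and platform, and an audit record per decision) and runs the same constructed requests through a coarse-grained role check and a fine-grained rule evaluator so the difference described in this section is visible side by side. The data model, the rule names, the "deny overrides allow" evaluation order and the sample principals, resource and timestamps are all assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Optional

# Constructed sample model (an assumption for this example, not Cerbos' API):
# a principal, a resource and the context of the request.
@dataclass(frozen=True)
class Principal:
    id: str
    roles: frozenset
    attrs: dict          # e.g. {"department": "finance", "clearance": 3}

@dataclass(frozen=True)
class Resource:
    kind: str
    id: str
    attrs: dict          # e.g. {"owner_department": "finance", "sensitivity": 3}

@dataclass(frozen=True)
class Request:
    principal: Principal
    resource: Resource
    action: str
    now: datetime        # request time, used by time-of-day conditions
    platform: str        # "web" or "mobile", taken from the session

# Coarse-grained: the decision depends on one factor, the role.
COARSE_ROLE_ACTIONS = {"manager": {"view", "edit", "approve"}, "assistant": {"view"}}

def coarse_grained_allow(req: Request) -> bool:
    """Allow iff one of the principal's roles maps to the action; resource and context are ignored."""
    return any(req.action in COARSE_ROLE_ACTIONS.get(role, set()) for role in req.principal.roles)

# Fine-grained: rules combine role, principal attributes, resource attributes and request context.
@dataclass(frozen=True)
class Rule:
    name: str
    actions: frozenset
    effect: str                          # "allow" or "deny"
    condition: Callable[[Request], bool]

def same_department(r: Request) -> bool:
    return r.principal.attrs.get("department") == r.resource.attrs.get("owner_department")

def cleared(r: Request) -> bool:
    return r.principal.attrs.get("clearance", 0) >= r.resource.attrs.get("sensitivity", 0)

def business_hours(r: Request) -> bool:
    return r.now.weekday() < 5 and 8 <= r.now.hour < 18

FINANCIAL_RECORD_RULES = [
    # Assumed policy semantics: a matching deny overrides any allow.
    Rule("deny-sensitive-edit-from-mobile", frozenset({"edit", "approve"}), "deny",
         lambda r: r.resource.attrs.get("sensitivity", 0) >= 3 and r.platform != "web"),
    Rule("manager-own-department", frozenset({"view", "edit", "approve"}), "allow",
         lambda r: "manager" in r.principal.roles and same_department(r) and cleared(r)),
    Rule("assistant-view-in-business-hours", frozenset({"view"}), "allow",
         lambda r: "assistant" in r.principal.roles and same_department(r)
                   and cleared(r) and business_hours(r)),
]

@dataclass
class Decision:
    allowed: bool
    matched_rule: Optional[str]
    audit: dict          # everything needed to reconstruct why the decision was taken

def fine_grained_decide(req: Request, rules: list) -> Decision:
    """Deny-overrides evaluation: a matching deny wins, else the first matching allow, else deny."""
    audit = {"principal": req.principal.id, "resource": f"{req.resource.kind}:{req.resource.id}",
             "action": req.action, "time": req.now.isoformat(), "platform": req.platform,
             "principal_attrs": dict(req.principal.attrs), "resource_attrs": dict(req.resource.attrs),
             "evaluated": []}
    first_allow = None
    for rule in rules:
        if req.action not in rule.actions:
            continue
        matched = bool(rule.condition(req))
        audit["evaluated"].append((rule.name, rule.effect, matched))
        if matched and rule.effect == "deny":
            audit["effect"] = "deny"
            return Decision(False, rule.name, audit)
        if matched and first_allow is None:
            first_allow = rule.name
    audit["effect"] = "allow" if first_allow else "deny"
    return Decision(first_allow is not None, first_allow, audit)

def evaluate_samples() -> dict:
    """Run constructed requests through both models; returns name -> (coarse_allowed, fine Decision)."""
    record = Resource("financial_record", "q3-forecast", {"owner_department": "finance", "sensitivity": 3})
    manager = Principal("alice", frozenset({"manager"}), {"department": "finance", "clearance": 3})
    other_manager = Principal("bob", frozenset({"manager"}), {"department": "engineering", "clearance": 3})
    assistant = Principal("carol", frozenset({"assistant"}), {"department": "finance", "clearance": 3})
    monday_10 = datetime(2023, 9, 4, 10, 0, tzinfo=timezone.utc)   # constructed timestamps
    monday_20 = datetime(2023, 9, 4, 20, 0, tzinfo=timezone.utc)
    samples = {
        "manager_edit_web":        Request(manager, record, "edit", monday_10, "web"),
        "manager_edit_mobile":     Request(manager, record, "edit", monday_10, "mobile"),
        "manager_other_dept_view": Request(other_manager, record, "view", monday_10, "web"),
        "assistant_view_in_hours": Request(assistant, record, "view", monday_10, "web"),
        "assistant_view_evening":  Request(assistant, record, "view", monday_20, "web"),
        "assistant_edit":          Request(assistant, record, "edit", monday_10, "web"),
    }
    return {name: (coarse_grained_allow(req), fine_grained_decide(req, FINANCIAL_RECORD_RULES))
            for name, req in samples.items()}

if __name__ == "__main__":
    for name, (coarse, fine) in evaluate_samples().items():
        print(f"{name:26} coarse={coarse!s:5} fine={fine.allowed!s:5} rule={fine.matched_rule}")
```

The role check grants every manager the same access to every financial record, so the manager from another department, the edit from a mobile session and the assistant's evening request all pass. The rule evaluator denies each of those for a different, recorded reason, and the audit dictionary attached to every decision carries the attributes and the rule that produced the outcome, which is what makes the access log reviewable after the fact.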
