Authorisation determines what someone is allowed to do after they have been authenticated. Where authentication asks “who are you?”, authorisation asks the question: “what are you allowed to access?”.

In an organisation, this means that employees only gain access to the systems, files and applications they need for their work. An HR employee may view personnel data, but not financial reports; a system administrator may manage servers, but not make HR changes.

Authorisation can be managed in various ways. The classic approach is Role-Based Access Control (RBAC), where rights are granted based on role or department. A more modern variant is Attribute-Based Access Control (ABAC), which also considers context (such as location, device, or project).

Within Joinly, authorisations are automatically granted based on data from the HR system. This eliminates manual administration, and access is always tailored to the current personnel status.

Authorisation is therefore not only a security measure but also a means to reduce risks and the administrative burden.

In summary: Authorisation determines what you have access to, based on who you are and what you need.