User Authorization Primer
Now that our user is fully authenticated, we can implement authorization.
What is User Authorization?
Authorization is a security mechanism used to determine user/client privileges or access levels related to system resources, including computer programs, files, services, data, and application features. Authorization is normally preceded by authentication for user identity verification.
Types of Authorization
user-based
User-based authorization allows users to create, read, update, or delete their own data.
role-based
Role-based authorization occurs when you set up levels of access for different users. For example, an admin role might be able to access or delete anyone’s information. A department store manager might have a role that allows them to see only their sales, refunds, or other types of information that are appropriate for that role.
Building the To-Do List Application
For our application, we will use Firestore Security Rules to provide access control. This allows us to build user-based access systems that keep our users’ data safe. This course focuses on user-based authorization because it’s the easiest to implement.
User-based Security in To-do List
This type of authorization allows a user to read, write, or delete items only from lists that they created. They are not authorized to read, write, or delete items from any list created by someone else.
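The owner-only policy described above could be written as the following Firestore Security Rules. This is an added example, not the course's own rules file: the `lists` collection, the `items` subcollection, the `ownerId` field, and the helper names `signedIn` and `ownsList` are assumptions chosen for illustration.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed layout: lists/{listId} holds an ownerId field set to the
    // creator's Firebase Auth uid; to-do items live in lists/{listId}/items.

    // True only for requests that carry a verified Firebase Auth token.
    function signedIn() {
      return request.auth != null;
    }

    // Looks up the parent list and compares its owner to the caller.
    function ownsList(listId) {
      return get(/databases/$(database)/documents/lists/$(listId))
               .data.ownerId == request.auth.uid;
    }

    match /lists/{listId} {
      // A user may only create a list that names themselves as owner.
      allow create: if signedIn()
                    && request.resource.data.ownerId == request.auth.uid;

      // Reading and deleting are limited to the stored owner.
      allow read, delete: if signedIn()
                          && resource.data.ownerId == request.auth.uid;

      // Updates are limited to the owner and may not reassign ownership.
      allow update: if signedIn()
                    && resource.data.ownerId == request.auth.uid
                    && request.resource.data.ownerId == resource.data.ownerId;

      // Items inherit access from the list that contains them.
      match /items/{itemId} {
        allow read, write: if signedIn() && ownsList(listId);
      }
    }
  }
}
```

Security rules are not filters: a query over `lists` is rejected unless it is itself constrained to documents the caller owns, for example by filtering on `ownerId`.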