Authentication vs Authorisation Explained

These two words sound similar and are often confused, but they answer different questions. Authentication asks "who are you?" Authorisation asks "what are you allowed to do?"

Getting both right is the foundation of keeping your data safe and giving each user exactly the access they should have — no more, no less.

Authentication: Proving Identity

This is the login step. The system confirms a person is who they claim to be, usually with a password and, ideally, a second factor such as a code from an app.

Authorisation: Granting Access

Once we know who someone is, the system decides what they may see and change. A sales user might view orders; only a manager can issue refunds.

  • Roles group permissions so access is easy to manage.
  • Least privilege — people get only what their job needs.
  • Sensitive actions can require an extra confirmation.

Frequently Asked Questions

Do we really need two-factor authentication?

For anything holding customer or financial data, yes. It is the single most effective defence against stolen passwords.

Can we control access down to individual records?

Yes. Authorisation can be as broad as a whole section or as fine as a single record, depending on your needs.
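
The authorisation rules from the list above and the record-level answer, as an added Python example that is not part of the original article: roles grant permissions, anything not granted is denied, refunds need a recent extra confirmation, and a record-level check limits users to orders in their own region. The permission names, the region rule and the 300-second confirmation window are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role-to-permission map (assumption): each role lists only what the job needs.
ROLE_PERMISSIONS = {
    "sales": {"order:view"},
    "manager": {"order:view", "order:refund"},
}
SENSITIVE = {"order:refund"}  # actions that need an extra confirmation
CONFIRM_WINDOW = 300  # seconds a confirmation stays valid (assumed value)


@dataclass
class User:
    name: str
    role: str
    region: str
    confirmed_at: Optional[float] = None  # time of the last extra confirmation


@dataclass
class Order:
    order_id: int
    region: str


def authorise(user, action, order, now):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    granted = ROLE_PERMISSIONS.get(user.role, set())  # unknown role: no permissions
    if action not in granted:
        return False, "role lacks permission"
    # Record-level check (assumed rule): users only touch orders in their own region.
    if order.region != user.region:
        return False, "record outside user's scope"
    if action in SENSITIVE:
        fresh = user.confirmed_at is not None and 0 <= now - user.confirmed_at <= CONFIRM_WINDOW
        if not fresh:
            return False, "extra confirmation required"
    return True, "ok"


if __name__ == "__main__":
    sam = User("sam", "sales", "north")
    maya = User("maya", "manager", "north", confirmed_at=900.0)
    order = Order(1, "north")
    print(authorise(sam, "order:refund", order, 1000.0))   # sales cannot refund
    print(authorise(maya, "order:refund", order, 1000.0))  # manager, confirmed recently
```

Authentication happens before any of this: `authorise` assumes the `User` it receives has already been identified at login.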

If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.
