Authentication vs Authorisation


I see that many people are confused by the meaning of authentication and authorisation. People tend to use the two terms interchangeably, as if they meant the same thing, but there is actually a difference between them.

Authentication can be thought of as the process of granting a user access into some system, while authorisation is granting the same user access to restricted functionality in this system. I think most of the time it would be safe to say that authorisation contains authentication.

When you log in to a website as a user, you have access to the user area (you are authenticated) and you can use some of the user functionality of that site, but you are not allowed to (authorised to) use admin functionality.
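The login scenario above as a small runnable sketch. This is an added example, not code from the original post: the account names, passwords, roles, paths and the `login`/`handle` helpers are all constructed for illustration. A failed authentication check maps to HTTP 401 and a failed authorisation check to HTTP 403.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample accounts (hypothetical names, passwords and roles).
USERS = {}
for _name, _pw, _role in [("alice", "alice-pass", "user"),
                          ("root", "root-pass", "admin")]:
    _salt = os.urandom(16)
    USERS[_name] = {"salt": _salt, "hash": _hash(_pw, _salt), "role": _role}

# Authorisation policy: which roles may use which area of the site.
PERMISSIONS = {"/user": {"user", "admin"}, "/admin": {"admin"}}

SESSIONS = {}  # session token -> username

def login(username: str, password: str):
    """Authentication: check the credentials and, if valid, start a session."""
    rec = USERS.get(username)
    # Hash even for unknown users so both failure paths do the same work.
    salt = rec["salt"] if rec else b"\x00" * 16
    candidate = _hash(password, salt)
    if rec is None or not hmac.compare_digest(candidate, rec["hash"]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def handle(token, path: str) -> int:
    """Return an HTTP-style status for a request to `path`."""
    username = SESSIONS.get(token)
    if username is None:
        return 401  # not authenticated: no valid session
    # Authorisation: default-deny, unknown paths allow no role at all.
    if USERS[username]["role"] not in PERMISSIONS.get(path, set()):
        return 403  # authenticated, but not authorised for this area
    return 200

if __name__ == "__main__":
    t = login("alice", "alice-pass")
    print(handle(None, "/user"), handle(t, "/user"), handle(t, "/admin"))
```

The two checks stay separate on purpose: `login` never looks at roles, and `handle` never looks at passwords.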

