After a user has been authenticated, a system must decide what that user is allowed to do. This process is called authorisation. In IB Computer Science, students are expected to clearly explain how authorisation works, what access levels are, and why controlling permissions is essential for security and data integrity.
IB examiners reward answers that distinguish clearly between identity and permission.
What Is Authorisation?
Authorisation is the process of:
- Determining what actions a user is allowed to perform
- Controlling access to data and system functions
Authorisation happens after authentication:
- Authentication verifies identity
- Authorisation assigns permissions
In IB terms, authorisation answers the question:
“What can this user do?”
Why Authorisation Is Important
Without authorisation:
- Every user would have full access
- Accidental or malicious damage would be more likely
- Sensitive data would be exposed
Authorisation protects:
- Data integrity
- Privacy
- System stability
It ensures users can only access what they need, not everything that exists.
What Are Access Levels?
Access levels define different permission sets within a system.
Each access level:
- Grants specific rights
- Restricts other actions
Common access levels include:
- Read-only access
- Edit or write access
- Administrative access
Access levels allow systems to separate responsibilities safely.
Role-Based Access Control
Most systems use role-based access control (RBAC).
With RBAC:
- Permissions are assigned to roles
- Users are assigned roles
- Access is managed centrally
For example:
- Students can view their own records
- Teachers can update grades
- Administrators can manage the system
RBAC simplifies security management and reduces errors.
Principle of Least Privilege
A key IB security principle is the principle of least privilege.
This principle states that:
- Users should have only the permissions they need
- Extra permissions increase risk
For example:
- A user who only views data should not be able to delete it
Limiting access reduces:
- Accidental damage
- Impact of compromised accounts
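The role-based model and the least-privilege rule described above can be seen working together in a short program. This is an added example, not part of the original guide; the role names, permission strings and sample users are assumptions made up for illustration.

```python
# Added illustration: roles, permission strings and users are constructed.
from dataclasses import dataclass

# Permissions are assigned to roles, in one centrally managed table.
# Each role lists only what it needs (least privilege).
ROLE_PERMISSIONS = {
    "student": {"record:view_own"},
    "teacher": {"record:view_any", "grade:update"},
    "admin": {"record:view_any", "grade:update", "system:manage"},
}

@dataclass(frozen=True)
class User:
    name: str
    role: str  # users are assigned a role, never individual permissions

AUDIT_LOG = []  # every decision is recorded so access can be audited

def is_authorised(user, action, owner=None):
    """Return True only if the user's role grants the action (default deny)."""
    granted = ROLE_PERMISSIONS.get(user.role, set())  # unknown role: no rights
    if action == "record:view":
        # Viewing depends on ownership: students may see only their own record.
        allowed = "record:view_any" in granted or (
            "record:view_own" in granted and owner == user.name
        )
    else:
        allowed = action in granted
    AUDIT_LOG.append((user.name, action, owner, "ALLOW" if allowed else "DENY"))
    return allowed

def update_grade(user, grades, student, new_grade):
    """Sensitive operation: the permission check runs before the data changes."""
    if not is_authorised(user, "grade:update", owner=student):
        raise PermissionError(f"{user.name} may not update grades")
    grades[student] = new_grade

if __name__ == "__main__":
    alice, bob = User("alice", "student"), User("bob", "teacher")
    grades = {"alice": 5}
    print(is_authorised(alice, "record:view", owner="alice"))  # own record
    print(is_authorised(alice, "record:view", owner="carol"))  # another student's
    update_grade(bob, grades, "alice", 6)
    print(grades, AUDIT_LOG[-1])
```

Note that the check never asks who the user is, only what their role permits: identity was settled earlier by authentication, and a role that is missing from the table gets no access at all.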
Authorisation and Data Integrity
Authorisation protects data integrity by:
- Preventing unauthorised changes
- Restricting sensitive operations
- Ensuring accountability
If only trusted users can modify data:
- Errors are less likely
- Changes can be audited
This is especially important in:
- School databases
- Banking systems
- Healthcare records
Authorisation vs Authentication
A clear IB distinction is:
- Authentication confirms identity
- Authorisation controls permissions
A user may be:
- Authenticated correctly
- But authorised only for limited actions
Confusing these terms often leads to lost marks.
Real-World Examples
Examples of authorisation include:
- Students viewing but not editing grades
- Employees accessing only their department’s data
- Admin users managing system settings
These examples help justify access levels in IB exam answers.
Common Student Mistakes
Students often:
- Use authentication and authorisation interchangeably
- Ignore access levels
- Forget least privilege
- Give vague explanations
Clear definitions and examples score higher.
How This Appears in IB Exams
IB questions may ask students to:
- Define authorisation
- Explain access levels
- Apply roles to a scenario
- Justify permission restrictions
Justification is more important than memorisation.
Final Thoughts
Authorisation controls what authenticated users are allowed to do by assigning access levels and permissions. By limiting actions and enforcing least privilege, systems protect data, privacy, and integrity.
Understanding authorisation and access levels allows IB Computer Science students to explain secure system design clearly and confidently — exactly what examiners expect.
