The authorization process: step-by-step

This example illustrates how the authorization process works.

Figure 1 illustrates the complete authorization process.
Figure 1. The Security Verify Access authorization process
The Security Verify Access authorization process
  1. An authenticated client request for a resource is directed to the resource manager server and intercepted by the policy enforcer process. For example, the resource manager can be WebSEAL for Hypertext Transfer Protocol (HTTP), HTTPS access, or another application.
  2. The policy enforcer process uses the authorization API to call the authorization service for an authorization decision. For more information about the authorization API, see Security Verify Access authorization API.
  3. The authorization service does an authorization check on the resource. See Authorization Algorithm for details on the algorithm used.
  4. The decision to accept or deny the request is returned as a recommendation to the resource manager through the policy enforcer.
  5. If the request is finally approved, the resource manager passes the request on to the application responsible for the resource.
  6. The client receives the results of the requested operation.