The term Authorization refers to a key element within the process whereby control is exercised over access to information and communications technology resources. It involves the assignment of a set of permissions or privileges to particular users, or categories of users. A description is provided of the conventional approach adopted to Authorization. Reference is then made to a previously-published pragmatic metatheoretic model that provides a basis for information systems practice. This paper applies that model to present a generic theory of Authorization. The conventional approach to Authorization is re-examined in light of the new theory, weaknesses are identified, and improvements proposed.
Clarke, Roger, "A Generic Theory of Authorization to Support IS Practice and Research" (2023). ACIS 2023 Proceedings. 10.