<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">"use strict";(self.webpackChunkdocs_website=self.webpackChunkdocs_website||[]).push([[55700],{15680:(e,t,r)=&gt;{r.d(t,{xA:()=&gt;p,yg:()=&gt;y});var n=r(96540);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&amp;&amp;(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function i(e){for(var t=1;t&lt;arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?a(Object(r),!0).forEach((function(t){o(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):a(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function s(e,t){if(null==e)return{};var r,n,o=function(e,t){if(null==e)return{};var r,n,o={},a=Object.keys(e);for(n=0;n&lt;a.length;n++)r=a[n],t.indexOf(r)&gt;=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n&lt;a.length;n++)r=a[n],t.indexOf(r)&gt;=0||Object.prototype.propertyIsEnumerable.call(e,r)&amp;&amp;(o[r]=e[r])}return o}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&amp;&amp;(r="function"==typeof e?e(t):i(i({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},l="mdxType",h={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),l=u(r),f=o,y=l["".concat(c,".").concat(f)]||l[f]||h[f]||a;return r?n.createElement(y,i(i({ref:t},p),{},{components:r})):n.createElement(y,i({ref:t},p))}));function y(e,t){var r=arguments,o=t&amp;&amp;t.mdxType;if("string"==typeof e||o){var a=r.length,i=new Array(a);i[0]=f;var s={};for(var c in t)hasOwnProperty.call(t,c)&amp;&amp;(s[c]=t[c]);s.originalType=e,s[l]="string"==typeof e?e:o,i[1]=s;for(var u=2;u&lt;a;u++)i[u]=r[u];return n.createElement.apply(null,i)}return n.createElement.apply(null,r)}f.displayName="MDXCreateElement"},13133:(e,t,r)=&gt;{r.r(t),r.d(t,{assets:()=&gt;p,contentTitle:()=&gt;c,default:()=&gt;y,frontMatter:()=&gt;s,metadata:()=&gt;u,toc:()=&gt;l});r(96540);var n=r(15680);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){return t=null!=t?t:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(t)):function(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&amp;&amp;(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}(Object(t)).forEach((function(r){Object.defineProperty(e,r,Object.getOwnPropertyDescriptor(t,r))})),e}function i(e,t){if(null==e)return{};var r,n,o=function(e,t){if(null==e)return{};var r,n,o={},a=Object.keys(e);for(n=0;n&lt;a.length;n++)r=a[n],t.indexOf(r)&gt;=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n&lt;a.length;n++)r=a[n],t.indexOf(r)&gt;=0||Object.prototype.propertyIsEnumerable.call(e,r)&amp;&amp;(o[r]=e[r])}return o}const s={title:"Overview",slug:"/authorization",custom_edit_url:"https://github.com/datahub-project/datahub/blob/master/docs/authorization/README.md"},c="Overview",u={unversionedId:"docs/authorization/README",id:"version-0.14.0/docs/authorization/README",title:"Overview",description:"Authorization specifies what accesses an authenticated user has within a system.",source:"@site/versioned_docs/version-0.14.0/docs/authorization/README.md",sourceDirName:"docs/authorization",slug:"/authorization",permalink:"/docs/0.14.0/authorization",draft:!1,editUrl:"https://github.com/datahub-project/datahub/blob/master/docs/authorization/README.md",tags:[],version:"0.14.0",frontMatter:{title:"Overview",slug:"/authorization",custom_edit_url:"https://github.com/datahub-project/datahub/blob/master/docs/authorization/README.md"},sidebar:"overviewSidebar",previous:{title:"Personal Access Tokens",permalink:"/docs/0.14.0/authentication/personal-access-tokens"},next:{title:"Roles",permalink:"/docs/0.14.0/authorization/roles"}},p={},l=[],h={toc:l},f="wrapper";function y(e){var{components:t}=e,r=i(e,["components"]);return(0,n.yg)(f,a(function(e){for(var t=1;t&lt;arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{},n=Object.keys(r);"function"==typeof Object.getOwnPropertySymbols&amp;&amp;(n=n.concat(Object.getOwnPropertySymbols(r).filter((function(e){return Object.getOwnPropertyDescriptor(r,e).enumerable})))),n.forEach((function(t){o(e,t,r[t])}))}return e}({},h,r),{components:t,mdxType:"MDXLayout"}),(0,n.yg)("h1",{id:"overview"},"Overview"),(0,n.yg)("p",null,"Authorization specifies ",(0,n.yg)("em",{parentName:"p"},"what")," accesses an ",(0,n.yg)("em",{parentName:"p"},"authenticated")," user has within a system.\nThis section is all about how DataHub authorizes a given user/service that wants to interact with the system."),(0,n.yg)("admonition",{type:"note"},(0,n.yg)("p",{parentName:"admonition"},"Authorization only makes sense in the context of an ",(0,n.yg)("strong",{parentName:"p"},"Authenticated")," DataHub deployment. To use DataHub's authorization features\nplease first make sure that the system has been configured from an authentication perspective as you intend.")),(0,n.yg)("p",null,"Once the identity of a user or service has been established, DataHub determines what accesses the authenticated request has."),(0,n.yg)("p",null,"This is done by checking what operation a given user/service wants to perform within DataHub &amp; whether it is allowed to do so.\nThe set of operations that are allowed in DataHub are what we call ",(0,n.yg)("strong",{parentName:"p"},"Policies"),"."),(0,n.yg)("p",null,"Policies specify fine-grain access control for ",(0,n.yg)("em",{parentName:"p"},"who")," can do ",(0,n.yg)("em",{parentName:"p"},"what")," to ",(0,n.yg)("em",{parentName:"p"},"which")," resources, for more details on the set of Policies that DataHub provides please see the ",(0,n.yg)("a",{parentName:"p",href:"/docs/0.14.0/authorization/policies"},"Policies Guide"),"."))}y.isMDXComponent=!0}}]);</pre></body></html>