Authorization involves the act of defining access-rights for subjects. An authorization policy specifies the operations that subjects are allowed to execute within a system.
Most modern operating systems implement authorization policies as formal sets of permissions that are variations or extensions of three basic types of access:
Read (R): The subject can
Read file contents
List directory contents
Write (W): The subject can change the contents of a file or directory with the following tasks:
Execute (X): If the file is a program, the subject can cause the program to be run. (In Unix-style systems, the “execute” permission doubles as a “traverse directory” permission when granted for a directory.)
These rights and permissions are implemented differently in systems based on discretionary access control (DAC) and mandatory access control (MAC).