Authority And Role In Spring Security

Authority And Role Differences

| Authority | Role |
| --- | --- |
| Authority is like an individual privilege | Role is a group of privileges |
| Restricting access in a fine-grained manner | Restricting access in a coarse-grained manner |
| Ex: READ, UPDATE, DELETE | Ex: ROLE_ADMIN, ROLE_USER |

  • Names of authorities/roles are arbitrary in nature and these names can be customized as per the business requirement.
  • In Spring Security, there is no difference in how we configure authorities and roles; only the method names differ, indicating whether a value is treated as an authority or as a role.
  • Roles are also represented using the same contract, GrantedAuthority, in Spring Security.
  • When defining a role, its name should start with the ROLE_ prefix. This prefix specifies the difference between a role and an authority.
