1
00:00:00,270 --> 00:00:05,890
Spring security allows you to configure authorization based upon authority and rules.

2
00:00:06,270 --> 00:00:11,760
Let's try to see what is authority and what is rule and what's the difference between them.

3
00:00:12,090 --> 00:00:19,580
So when we say granting authority or authority, it's a single individual privilege or permission,

4
00:00:19,830 --> 00:00:26,940
we can say the user has read only access are we have to delete access.

5
00:00:27,180 --> 00:00:33,840
So in this scenario, read they delete all these are authorities using authorities.

6
00:00:34,050 --> 00:00:43,140
We can restrict access in fine grained manner, whereas the rule is a group of authorities and privileges.

7
00:00:43,260 --> 00:00:46,950
You can group authorities into a single role.

8
00:00:46,980 --> 00:00:53,790
You may have a requirement in your application that you don't want to go with authorities or want to

9
00:00:53,790 --> 00:01:00,300
change the rules inside my application, like admin, normal user, supervisor, employer, employee.

10
00:01:00,690 --> 00:01:08,190
So for all scenarios, we can also have rules configured using spring security and flight rules.

11
00:01:08,610 --> 00:01:12,180
We can have it group of privileges using rules.

12
00:01:12,630 --> 00:01:15,210
We can restrict access codes.

13
00:01:15,210 --> 00:01:15,980
Great demanded.

14
00:01:16,260 --> 00:01:19,590
The names that you give for authorities are rules.

15
00:01:19,830 --> 00:01:21,360
They're arbitrary in nature.

16
00:01:21,360 --> 00:01:23,370
You don't have to follow that.

17
00:01:23,370 --> 00:01:28,790
What I'm showing in this line, you can have whatever authority you want instead of read.

18
00:01:28,980 --> 00:01:31,770
I can say only the update.

19
00:01:31,770 --> 00:01:34,800
I can say create similarly for rules.

20
00:01:34,800 --> 00:01:40,550
Also, instead of admin, I can say Superman instead of user, I can say customer.

21
00:01:40,800 --> 00:01:43,320
So it's up to your business requirement.

22
00:01:43,470 --> 00:01:50,550
So whatever you mentioned in the database and in security configurations, they have to match that the

23
00:01:50,550 --> 00:01:51,960
names are up to us.

24
00:01:52,140 --> 00:01:57,330
And the way how these rules and authorities works are very similar in nature.

25
00:01:57,330 --> 00:02:06,200
In spring security, there is no difference on how you configure authorities and rules except the third

26
00:02:06,210 --> 00:02:10,500
names to differentiate whether these are an authority or roll.

27
00:02:11,100 --> 00:02:18,780
Usually we have to give you a prefix and this code for all roles which indicates to the spring security,

28
00:02:18,930 --> 00:02:24,830
OK, this is a rule, whereas without this prefix will be treated as a priority.

29
00:02:25,020 --> 00:02:29,220
So now we know what is authority, what is the rule.

30
00:02:29,470 --> 00:02:37,890
Let's try to understand in the next video how to configure rules inside database and how to configure

31
00:02:37,890 --> 00:02:41,490
them inside our application using spring security framework.

32
00:02:41,540 --> 00:02:42,350
And one by.