NCAE Mapping Hub Authoritative cross-reference for DCWF, NCAE Knowledge Units, O*NET, and the EWU Cyber Operations program

Security+ · 3.0 Security Architecture

Authentication vs Authorization (AuthN / AuthZ)

**Authentication (AuthN)** proves who students are (password, key, token). **Authorization (AuthZ)** decides what an authenticated identity is allowed to do. Distinct concerns. a user can pass AuthN and still be denied by AuthZ.

How this shows up at NCAE

Postgres error 'connection refused' is a network problem (before AuthN). 'password authentication failed' is an AuthN failure. 'permission denied for relation X' is AuthZ. Each requires a different fix.