Authorization Service Benefits
Scott Thorne
Authorization is needed in most applications, but just because it's commonly used doesn't mean it has to be a service. The actual function of authorization can be achieved with or without implementing it as a service, so before embarking on a project to create or use an authorization service, you need a clear idea of the potential benefits. What are some of the unique advantages of defining and using authorization as a service? The overall goal is improved authorization management that leads to having the right authorizations in place and enforced. Some of the improvements that a service offers are:
• Authorization rules can be reused in multiple applications
• A common authorization user interface can be created
• Authorization maintenance can be distributed
• A centralized business process can be created
• The authorization mechanism can be substituted
Sometimes the advantages of a service are only gained over the long term and are not immediately apparent. If you are not interested in these benefits, then the extra work of isolating the authorization function as a service might not be worthwhile. Having the benefits clearly in mind will help drive the authorization design.
The main benefits of using authorization as a service are centered around integration. If two systems handle the same set of resources, then there may be authorization rules that they could share. For example, if there is a financial system and a separate financial reporting system such as a warehouse, they both might need to know who has access to what information. If each system were to maintain separate authorizations, they would not only duplicate work but also risk being out of sync. Managing common authorizations in the same place avoids this problem.
A well-designed authorization service makes it possible to distribute authorization control to the people who know the resources and the people involved. This puts authorization management in the hands of the person responsible for the resources: the person who should be making the authorization decision. This greatly increases the likelihood that appropriate authorizations are in place. Without the ability to distribute authorization management, authorization requests often go through a chain of people or to a central place, where the chances of miscommunication increase. In this situation, the people entering the information don't really know if the rule makes sense and aren't in a position to catch inadvertent errors.
Having a common authorization service allows authorizations from different applications or areas to be displayed and maintained with the same tool. Having a common approach for authorizations makes it easier to train users. Once they understand how authorizations work in one area, such as finances, it is much easier to understand a similar model in HR. With a service, it is still possible to build authorization maintenance functionality into specific applications, but the service also creates the option of having a dedicated application for authorization maintenance.
Having a common authorization service also enables other centralized processes to be managed. For example, when an employee comes on board or is terminated, there is one place to go to adjust authorization rules. In addition, audit procedures are easier to implement in the area of authorization management.
These benefits go beyond ordinary authorization functionality; they are examples of where a service is particularly effective. Having a clearly articulated set of goals for an authorization service is the first step towards implementation.
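The financial system and reporting warehouse scenario above, sketched as an added example (not code from the article): one service answers both applications, only a resource's owner may grant on it, and offboarding is a single call. All class, function and account names are hypothetical, and the in-memory store stands in for whatever mechanism is substituted behind the service.

```python
# Added illustration, not from the article: all names here are hypothetical.
class MemoryRuleStore:
    """Swappable backend: anything with add/has/remove_user can replace it."""
    def __init__(self):
        self._grants = set()          # (user, action, resource) tuples

    def add(self, user, action, resource):
        self._grants.add((user, action, resource))

    def has(self, user, action, resource):
        return (user, action, resource) in self._grants

    def remove_user(self, user):
        stale = {g for g in self._grants if g[0] == user}
        self._grants -= stale
        return len(stale)


class AuthorizationService:
    def __init__(self, store, owners):
        self._store = store
        self._owners = dict(owners)   # resource -> person responsible for it
        self.audit_log = []           # one place to review every change

    def grant(self, granter, user, action, resource):
        # Distributed maintenance: only the resource's owner may grant on it.
        if self._owners.get(resource) != granter:
            self.audit_log.append(("grant-refused", granter, user, action, resource))
            raise PermissionError(f"{granter} does not own {resource}")
        self._store.add(user, action, resource)
        self.audit_log.append(("grant", granter, user, action, resource))

    def is_allowed(self, user, action, resource):
        return self._store.has(user, action, resource)   # no rule means deny

    def offboard(self, user):
        # Centralized process: one call removes the user's rules everywhere.
        removed = self._store.remove_user(user)
        self.audit_log.append(("offboard", user, removed))
        return removed


# Two applications asking the same service instead of keeping their own rules.
def ledger_can_open(authz, user, account):
    return authz.is_allowed(user, "read", account)

def warehouse_visible_accounts(authz, user, accounts):
    return [a for a in accounts if authz.is_allowed(user, "read", a)]
```

Because both applications consult the same rules, a grant or an offboarding takes effect in the ledger and the warehouse at once, and the audit log records refused grants as well as successful ones.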