Authorization Services
Access restricted areas of the operating system, and control access to particular features of your macOS app.
Overview
The Security.Authorization API is a programming interface to the Security Server and its policy database. This API facilitates access control to restricted areas of the operating system and allows you to restrict a user’s access to particular features in your macOS app. Use authorization services in:
Software that restricts access to its own tools
Applications that call system tools
Software installers that install privileged tools or require access to restricted areas of the operating system
As shown in the image below, the Security Server is a daemon running in the operating system that provides a trusted implementation of various security protocols, including authorization computation. In turn, the Security Server relies on the Security Agent to interface with users when authentication is needed. Thus an app can verify credentials (usernames and passwords) without ever accessing them directly. This authorization process also allows the means of authentication to change in the future (such as adding Touch ID) without your having to modify your app.
[Image]
Topics
Authorization References
Authorization Items
AuthorizationItemAuthorizationItemSetAuthorizationRightsAuthorizationEnvironmentAuthorization Name TagsAuthorizationFreeItemSet(_:)
Rights and Credentials
AuthorizationCopyInfo(_:_:_:)AuthorizationCopyRights(_:_:_:_:_:)AuthorizationCopyRightsAsync(_:_:_:_:_:)AuthorizationAsyncCallbackAuthorizationStringAuthorization Rights Flags
Import and Export
AuthorizationMakeExternalForm(_:_:)AuthorizationCreateFromExternalForm(_:_:)AuthorizationExternalFormkAuthorizationExternalFormLength
The Policy Database
AuthorizationRightGet(_:_:)AuthorizationRightSet(_:_:_:_:_:_:)AuthorizationRightRemove(_:_:)Policy Database Constants
Result Codes
See Also
Related Documentation
- Authentication, Authorization, and Permissions Guide
- Authorization Services Programming Guide