Introduction to Authorization Services Programming Guide

Authorization Services defines a programming interface that facilitates fine-grain control of privileged operations, such as accessing restricted areas of the operating system and self-restricted parts of your Mac app. This document describes how to use Authorization Services to control these privileged operations.

Authorization Services Programming Guide explains the concepts behind authorization and provides examples of how to use Authorization Services.

Types of products that benefit from using Authorization Services include

For example, you can use Authorization Services to restart background processes or to gain access to restricted directories, such as the /Applications directory. Using Authorization Services properly in these situations greatly minimizes the possibility of your software inadvertently damaging restricted areas of the operating system, or allowing an unauthorized user access to these areas.

Your application can benefit from Authorization Services if it includes tools or performs operations to which you want only administrative users to have access.

Authorization Services uses the authentication mechanism in macOS. If future versions of macOS support additional authentication mechanisms, adopting Authorization Services now will enable your application to take advantage of these mechanisms with no change to your code.

Organization of This Document

Authorization Concepts introduces you to authorization in macOS and describes the difference between authorization and authentication. This chapter explores scenarios that use Authorization Services. Read this chapter to better understand whether your software could benefit from using Authorization Services.

Authorization Services Tasks explains in detail how to use Authorization Services in self-restricting applications, system-restricting applications, and privileged installers.

Glossary defines new terms introduced in this book.

See Also

See Authorization Services for details about the API.