> You may find that your user account has permission to read the employee salary database. However, you may not be authorized to read that database by corporate policy because you are not a manager.

It's true that there are technical enforcement mechanisms, and corporate policies, but it is false that the former must be called permissions, and the latter must be called authorizations. The policies can easily be called either authorization or permission. It is true that we refer to e.g. Unix file permissions, and a corporate policy is more likely to use "authorization" but this is not a semantic difference--the corporate policy would be correct and binding if it used the word permission.

If a fellow employee asks you "do I have permission to do this?" you must say "no" (or alternately "you're not permitted, even though the computer will not enforce that"). Saying "yes" because there is a technical permission would be a very bad idea.

You are correct that it is not a law. If you, in a conversation, were to say "permission" in place of "authorization", you would broadly be understood.

However, for as long as I've been in the business, those terms refer to different things. That is how it is taught in school, how it is referred to in documentation, how you have to understand them when you write your CISSP, how various governing bodies separate and refer to the ideas, etc.

During an audit, if you are asked for your authorization policy and you give them a list of file permissions, you are failing your audit (well, not really, but you'll probably get a scoff and a condescending clarification of what the auditor wants -- and it is never good when an auditor becomes condescending).

In a professional context, permissions are a specific technical enforcement of an authorization policy.
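To make the distinction in the two comments above concrete, here is an added example (not code from either commenter or from any product they mention) that models the two checks separately and audits for the gap between them: an ACL entry that grants read access (the technical permission) and a role-based policy that says only managers may read the salary database (the authorization). All users, roles, resources and ACL entries are constructed sample data.

```python
"""Added example: technical permission versus policy authorization, and an
audit for drift between them. All names and data below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset  # constructed role labels such as "manager", "engineer"


# Technical enforcement: a per-resource ACL, as a file system or DB would hold it.
# Constructed sample: both accounts carry the read permission on salary_db.
ACL = {
    "salary_db": {"alice": {"read"}, "bob": {"read"}},
    "wiki": {"alice": {"read", "write"}, "bob": {"read", "write"}},
}

# Authorization policy: what corporate policy says each role may do.
# Constructed sample: only managers are authorized to read salary_db.
POLICY = {
    "salary_db": {"read": {"manager"}},
    "wiki": {"read": {"manager", "engineer"}, "write": {"manager", "engineer"}},
}


def has_permission(user: User, resource: str, action: str) -> bool:
    """Technical check: would the enforcement mechanism allow the action?"""
    return action in ACL.get(resource, {}).get(user.name, set())


def is_authorized(user: User, resource: str, action: str) -> bool:
    """Policy check: does any of the user's roles entitle them to the action?"""
    allowed_roles = POLICY.get(resource, {}).get(action, set())
    return bool(user.roles & allowed_roles)


def audit_drift(users, resources=ACL):
    """Return (user, resource, action) triples where a technical permission
    exists without policy authorization. These are the cases the thread
    describes: the computer will not stop the access, yet the answer to
    "may I do this?" is still no, and the ACL should be brought back in line."""
    findings = []
    for user in users:
        for resource, entries in resources.items():
            for action in sorted(entries.get(user.name, set())):
                if has_permission(user, resource, action) and not is_authorized(
                    user, resource, action
                ):
                    findings.append((user.name, resource, action))
    return findings


USERS = [
    User("alice", frozenset({"manager"})),
    User("bob", frozenset({"engineer"})),
]

if __name__ == "__main__":
    bob = USERS[1]
    print("bob has permission:", has_permission(bob, "salary_db", "read"))  # True
    print("bob is authorized:", is_authorized(bob, "salary_db", "read"))  # False
    print("drift:", audit_drift(USERS))  # [('bob', 'salary_db', 'read')]
```

The audit function is the part an auditor actually cares about: the policy document is the authorization, the ACL is its enforcement, and `audit_drift` is the evidence that the two agree (or, as here, that one account has more technical permission than policy grants).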
