Authorization is the process of determining if a user or system has permission to access specific resources or perform certain actions in the system. Authorization in distributed (or microservice) systems is much more difficult than in monolith applications since the permission check may depend on resources distributed in multiple services and databases. In this talk, I will introduce these challenges. Then, I will explain the ways of where to perform authorization logic, how to obtain data to perform the authorization logic and how to manage policies and permissions in a distributed system. The talk will include applying authorization logic for users and inter-service communication. By the end of the talk, participants will have a good understanding of what options they have and what advantages and disadvantages each option has.