3👍
Object level permissions are used to determine if a user should be
allowed to act on a particular object, which will typically be a model
instance.
Authentication is the mechanism of associating an incoming request
with a set of identifying credentials, such as the user the request
came from, or the token that it was signed with. The permission and
throttling policies can then use those credentials to determine if the
request should be permitted.
A quote by Apple developer goes as,
Authentication or identification by itself is not usually
sufficient to gain access to information or code. For that, the entity
requesting access must have authorization.
To keep things simple,
Permission checks will typically
use the authentication information in the request.user and
request.auth properties to determine if the incoming request should be
permitted.Permissions are used to grant or deny access different classes of
users to different parts of the API.
To know more on how they interact, take a look at this
Hope it helps!