Authorization is the process of determining what a subject is permitted to do and what resources that subject is allowed to access. It involves granting rights to allow users or programs to have access to a system or parts of a system. The user or program must first be authenticated in order to determine whether they are who they claim to be. Once they are authenticated, they can be authorized to access parts of a system.
Software architects should consider the granularity of privileges. If privileges are too coarse-grained, they may be too large and encompass too many rights. This may require privileges to be granted more frequently and give recipients more access than is necessary. In these types of cases, consider splitting up privileges into more fine-grained privileges to provide greater access control.