Authorization is the act of granting a person or other entity permission to use resources in a secured environment. This is usually tightly linked to authentication. A person or other identity first authenticates and then is given pre-determined access rights. They now have the authority to take specific actions.
The process of deciding what permissions are given begins with policies--decisions made and documented by the owners of the resources. The policies may be based on a user’s identity or on the user’s role within the organization, or a combination of the two.