Authorization is the granting of rights and permissions to an individual (or process) that enables access to an information resource. Once a user’s identity and authentication are established, authorization levels determine the extent of system rights that an operator can hold.  Examples of authorization entities are access control lists and security classes.