The process of determining what permissions an authenticated user has access to. It’s the step that follows authentication – once the system confirms the user’s identity, it then determines what resources, data, or areas the user can access or manipulate based on predefined policies or rules.