What is authorization?
The process by which access to a method or resource is determined. Authorization depends on the determination of whether the principal associated with a request
through authentication is in a given security role. A security role is a logical grouping of users defined by the person who assembles the application. A deployer maps security roles to security identities.
Security identities may be principals or groups in the operational environment.