Authorization is the process of determining what an authenticated entity is permitted to do. It answers the question, "What can this user or system access?" Unlike Authentication, which verifies identity, authorization governs specific Access Control to resources or functions.