Authorization occurs after authentication is completed. Authorization is the process that determines whether the designated individual is approved to use the resource. Authorization is usually implemented via secure access control lists (ACLs).
An Access Control List (ACL) is an authorization mechanism that controls access to objects. Every object has an associated ACL. An ACL has multiple entries that define who can use the object and what operations can be performed on that object by that user. DCE ACLs are more flexible than UNIX ACLs to support access control to objects other than files.