When an application allows a logged-in user to perform specific actions, it is an example of what?

Study for the CISSP Domain 5 Identity and Access Management Test with flashcards and multiple choice questions. Each question offers hints and explanations. Get ready for success!

When an application permits a logged-in user to perform specific actions, this situation exemplifies authorization. Authorization is the process of determining what an authenticated user is permitted to do within a system. Once a user's identity has been validated through authentication, the system then evaluates their permissions based on predefined rules, roles, or attributes. This ensures that users can only access the resources and actions they are entitled to, aligning with the principle of least privilege.

For instance, in a web application, a user might be allowed to view documents, but not modify or delete them, depending on their role (such as viewer, editor, or administrator). This delineation of permissions is vital for protecting sensitive data and maintaining security within the application.

Understanding authorization is crucial for managing user actions effectively within identity and access management frameworks, as it helps regulate and control access to information and functions based on established policies.
