Authorization

RBAC grants permissions by job role, ABAC evaluates attributes (department, device, time of day) at access time, and DAC lets resource owners set permissions at their discretion; MAC enforces central labels and is reserved for high-security environments. Authorization always follows authentication — you cannot scope what a principal may do until you have established who they are.