# Authorization
#cyber-security #cloud-security #rbac
Once you authenticate a user, you’ll need to decide where they can go, and what they’re allowed to see and touch. This process is called authorization.
Suppose you want to spend the night in a hotel. The first thing you’ll do is go to reception to start the “authentication process”. After the receptionist has verified who you are, you’re given a keycard and can go to your room. Think of the keycard as the authorization process. The keycard will only let you open the doors and elevators you’re permitted to access, such as for your hotel room.
In cybersecurity terms, authorization determines the level of access or the permissions an authenticated person has to your data and resources. Authorization is sometimes shortened to AuthZ.