Authorization

Yes they are authenticated now, yet what they are authorized to do?

For example an OS sets different capabilities for different users

Or a web app might have read/write permissions for each user

Authorization levels helps managing the permissions