A user authorization system prevents users from accessing features they do not have permission for. What is this process called?

The process described in the question, where a user authorization system restricts access to features based on a user's permissions, is known as authorization.

Authorization takes place after authentication, which is the step where a user's identity is verified—typically through credentials like a username and password. Once a user is authenticated, the system determines what resources or features they are permitted to access, which is the essence of authorization. It ensures that users can only enter areas or utilize functionalities that correspond to their granted permissions, thereby maintaining security and proper access control within the application.

For instance, in a web application, an admin might have access to all features, such as user management and settings, while a standard user may only have access to view and edit their profile. This delineation of what users can do is the core of the authorization process.

Other terms, such as verification and validation, refer to different processes in the context of data integrity and correctness rather than access control. Thus, understanding the distinction between these terms clarifies why authorization is the correct answer in this context.