Authorization is the process of discovering what a principal is allowed to do. Authorization generally takes place after authentication, and it uses information about the principal's identity to determine what resources the principal should have access to. NGWS runtime role-based security can be used to implement authorization.