The place of power and influence is something that can't be ignored, in every facet of human interaction, there is typically hierarchy. Software engineering isn't much different in this regard as users are made to have different levels and scope of influence. We typically have two types of users in software solutions, those with administrative access and those without it. It's kind of like how WhatsApp group admins have more influence than the normal members of the WhatsApp group chat ๐.
A RELATABLE EXPLANATION
Because software solutions aren't built to run independently without supervision or accountability partners, there is a provision for classes of users and a restriction on what these users can do in line with the scope of their authority. The how of assigning influence to accounts is falls under "roles, and claims, and policies". These three things do somewhat similar things in the sense that, these constructs are used to determine how much a user can do within the environment of a software solution.
Depending on how complex the assignment of responsibility is, roles can be used, or claims in more detailed scenarios and policies for the more complex scenarios. Authentication and authorization typically evaluate the "who is who" upon login. Recall that in the past I wrote about user authentication and authorization in much smaller capacities, the process of assigning roles is something that requires careful thought and thorough implementation as when it's done poorly, broken access control can happen.
FINALLY
Programming frameworks like ASP.Net (by Microsoft) make the process of setting these things up easier through scaffolding of the authorization and authentication process and making the process of defining roles easier. I should write about authentication, authorization and broken access control soon. I hope you have a great day ๐.