The practice of limiting access to system resources based on a user's identity, role, or other criteria.