Enforce access control so that authenticated identities can only perform operations for which they are specifically authorized.