Authorization provides a user with complete or restricted access to an object, resource, or function. Data sources such as DB2 provide their own authorization mechanisms to protect the information that they manage. These authorization mechanisms assume that the user ID associated with the process that is executing the Net.Data request has been properly authenticated, as explained in Using Authentication. The existing access control mechanisms for these data sources then either permit or deny access based on the authorizations that are held by the authenticated user ID.