Certified Secure Software Lifecycle Professional Practice

Authorization pertains to the process of determining what resources a user or program can access and what operations they can perform on those resources. In the context of this question, the correct answer highlights the specific nature of authorization, which is to provide explicit permission to access certain resources based on predefined policies or roles.

When a user is authorized, it means they have been granted access to specific resources like files, databases, or application features, according to the permissions that have been assigned to their identity or role within a system. This is essential for maintaining security and ensuring that only those who need access to certain functionalities or data are able to utilize them, thus protecting against unauthorized access.

The other options do not encapsulate the complete function of authorization. Restricted access to sensitive information can be a consequence of authorization, but it does not define what authorization does itself. General network access is too broad and does not specifically relate to individual resource permissions. Non-disclosure of data relates more to privacy and confidentiality rather than the access permissions that authorization conveys.