You use authorization types within your deployment to accomplish the following:
Restrict a list of a single type of objects to those specific for a purpose (very similar to SubType). For example, <AuthType name=’foo’ extends=’moo’/>
Group objects of different types to make them available to a specific class of administrators. For example, <AuthType name=’foo’ extends=’red,green,blue’/>
This second approach is much harder to configure because administrators with rights on the parent types (red, green, blue) will also have access to type ’foo’.