An authorization is a discrete right that can be granted to a role or a user. Authorizations are checked by compliant applications before a user gets access to the application or specific operations within the application.
Authorizations are user-level, and therefore extensible. You can write a program that requires authorization, add the authorizations to your system, create a rights profile for these authorizations, and assign the rights profile to users or roles who are allowed to use the program.