Authentication verifies a user's identity before granting access to resources, ensuring only legitimate users are allowed into the system. It serves as the first line of defense against unauthorized access.
Authorization specifies what a user is allowed to do by defining permissions and access rights for each individual or role. It ensures users can only access resources or perform actions they are explicitly permitted to.
Auditing monitors and logs user activities to ensure compliance, detect suspicious behaviors, and maintain security records. It provides a critical feedback loop for improving security policies and practices.