Once a user is authenticated, authorization technologies are used to allow or prevent actions by that user based on predefined rules. Authorization technologies support the principles of legitimate use, least privilege, and separation of duties. These technologies help to define and maintain what actions an authenticated user can perform once granted access to a system. Operating systems have some built-in authorization features such as user rights and privileges, groups of users, and permissions for files and folders. Network devices, such as routers, may have access lists that can be used to authorize those who can access and perform certain actions on the device. Access rights and privileges can be used to implement security policies that determine what a user can do after being allowed into the system.