Authorization is the management of access control: who or what gets access to particular resources or information. The authorization process requires that the requesting entity be authentic.
Except for two cases, authorization in TiddlyWeb is managed by policies.
The two exceptions are instances of the same problem: the creation of policies. This is controlled by configuration items: bag_create_policy and recipe_create_policy.