Which concept determines what resources users can access after they log on?

The concept that determines what resources users can access after they log on is best described by authorization. Authorization refers to the process of specifying access rights and permissions for users after their identity has been verified through authentication. Once a user successfully logs in (having completed the authentication process), authorization determines the level of access and which specific resources the user can interact with, such as files, applications, or network resources.

Access control is a broader term that includes both authentication and authorization as part of managing user permissions. However, specifically, it is the authorization process that defines the actual permissions granted to the user post-login, focusing on what each user is allowed to do or access.

Authentication, while essential, pertains only to verifying a user's identity, not the resources they can access. Encryption involves securing data by converting it into a coded format that can only be read by someone who has the proper key or password, and it does not directly relate to user access rights.

Therefore, understanding that authorization is the key concept that delineates user permissions after successful authentication clarifies the correct choice in this context.