Access rights or entitlements?
Gartner defines an entitlement as:
|An entitlement is the object in a system's security model that can be granted or associated to a user account to enable that account to perform (or in some cases prevent the performance of) some set of actions in that system. It was commonly accepted that this definition of entitlement referred to the highest-order grantable object in a system's security model, such as an Active Directory group membership or SAP role and not lower-order objects such as single-file permission setting.|
Definition by Ian Glazer, in Access Certification and Entitlement Management v1, September 9, 2009.
In this document, the terms "access management" and "entitlement management" are used interchangeably. Some people prefer to speak about granting or revoking entitlements, while others refer to access rights. Ultimately, these are objects on systems and applications. These objects are usually called security groups or roles. Login accounts are either made members of such groups/roles or a login account's group/role membership is revoked.