If 3.1.1 authorizes access to the system, 3.1.2 authorizes permissions within the system. The rules of chess, for example, limit the types of functions allowed for each piece.
Organizations should prevent the release of nonpublic information on systems accessible to the public. Systems accessible to the public include websites and social media.
Identifying accounts and devices is foundational to creating a secure and accountable system. Accounts may be assigned to people and to non-person entities. Establishing identity management policies and procedures supports the authorization and auditing functions.