All entities are associated with an authorization key. In order to access an entity the user has to have access to the authorization key. The key applies to both the published and the admin entity.
Exactly what authorization keys exist and who have access to them is application specific. A convention is to have two keys:
subject. Normally everyone is able to use the
none key, so it's suitable for public content, e.g. this article. The
subject key is different in the way that most users might be able to use the key, it will be different for each user. That makes it good for user private content, two users won't be able to access each other's content if it uses the
Applications can use the same facility to maintain content that should only be accessed by a group of users.