Restricting Access

Let's try to clarify the definition of access. Access is the ability of an accessing entity to interact with an object. Object in this sense doesn't refer to an ActiveX object or a COM object, but rather to any logical or physical entity in the computing environment. The accessing entity isn't necessarily a person sitting at a keyboard, but could quite easily be another object (for example, an ActiveX component running as an unattended service).

There are different types of access too. Broadly speaking, they are: view, read, change, delete and execute. Viewing means that the accessing entity is aware of the object in question, but can't do anything with it. Reading allows the accessing entity to view the contents of the object, but not change that content. Change means that the contents can be updated, while delete means the object can be deleted by the accessing entity. Finally, there's execute. Execute is possibly the most 'dangerous', as the executed object may have access to other objects that the accessing entity normally has no access rights to.

Access rights

There's a need to assign different levels of access to objects in a system. Access rights are the mechanism that security-conscious operating systems (for example, Windows NT) use to achieve this. Access rights specify what the accessing entity has the right to do with the object. Objects in the system have an associated list of access rights that specifies which accessing entities have which rights.
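The per-object rights list and the execute risk described above, as an added example that is not part of the original text. It is a simplified model, not Windows NT's API; the object and entity names, the `ACL` table and the `indirect_rights` helper are all constructed for illustration.

```python
from enum import Flag, auto

class Right(Flag):
    NONE = 0
    VIEW = auto()
    READ = auto()
    CHANGE = auto()
    DELETE = auto()
    EXECUTE = auto()

# Constructed sample: object -> {accessing entity: rights}.
# "backup_svc" is an object alice may execute, and also an accessing
# entity in its own right (it appears in other objects' lists).
ACL = {
    "report.doc": {"alice": Right.VIEW | Right.READ | Right.CHANGE},
    "backup_svc": {"alice": Right.VIEW | Right.EXECUTE},
    "payroll.db": {"backup_svc": Right.VIEW | Right.READ},
    "archive_job": {"backup_svc": Right.EXECUTE},
    "audit.log": {"archive_job": Right.READ | Right.DELETE},
}

def check(entity, obj, wanted):
    """Default deny: grant only if every wanted right is listed for entity."""
    granted = ACL.get(obj, {}).get(entity, Right.NONE)
    return (granted & wanted) == wanted

def direct_rights(entity):
    """Rights the entity holds through its own entries in the lists."""
    return {obj: acl[entity] for obj, acl in ACL.items() if entity in acl}

def indirect_rights(entity):
    """Rights reachable only by executing other objects, transitively."""
    direct = direct_rights(entity)
    reach, seen, todo = {}, {entity}, [entity]
    while todo:
        current = todo.pop()
        for obj, rights in direct_rights(current).items():
            if current != entity:
                reach[obj] = reach.get(obj, Right.NONE) | rights
            if Right.EXECUTE in rights and obj not in seen:
                seen.add(obj)
                todo.append(obj)
    # Keep only what exceeds the entity's own listed rights.
    extra = {o: r & ~direct.get(o, Right.NONE) for o, r in reach.items()}
    return {o: r for o, r in extra.items() if r}
```

Reviewing the output of `indirect_rights` for each account shows which execute grants quietly extend an entity's reach beyond what its own entries allow.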

This brings us to the issue of how to ensure that the accessing entity is who they claim to be, so that they can be allowed to exercise the rights they may have. That is, the accessing entity must be authenticated.

Identification and Authentication

In most computer systems that support security mechanisms, the notion of a user or account associates the accessing entity with certain access rights to the objects managed by the system. Any programs, then, that run on such systems, run 'on behalf of', or 'in the context of' a user or an account.

The security issue that arises immediately is that of ensuring that when an entity presents credentials to the system claiming to be user 'A', there's a mechanism to verify whether it is, or is not, 'A'.

Authentication is the mechanism of ensuring or verifying the identity of the entities requiring access to a computer system and is based on the secure exchange of identity information.

© 1997 by Wrox Press. All rights reserved.