How is user access managed and authorized?

Domain administrators can control who can sign into the App Store via standard Azure AD configuration.
User access to data is managed through App Store Connect local configuration.
Applications can access data on behalf of a user only if the user has consented to this.

How is user access managed and authorized?