Remote Authentication Dial-In User Service (RADIUS) uses a AAA framework, which stands for the three chain links of security: authentication, authorization, and accounting.
Authentication - When a user enters a username(known as the "principal") and password (known as the "credential"), a RADIUS server takes the principal and credential and adds what is called "context," which gives a frame of reference for each user, to grant access to the network.
Authorization - Once a user has gained access to the network, a RADIUS server authorizes what the user can and cannot do on the server. Authorization determines what parts of the network can be accessed, what applications can be used, what additional servers and the length of time users can spend on the network.
Accounting - Whatever the user does after accessing the server, RADIUS monitors and records how the client uses the network and bills the client accordingly, while ensuring the system doesn't overload.