Your applications access potentially sensitive information like personally identifiable information (PII), personal financial information such as credit card data, or sensitive corporate information like financial reports, product plans, or research data. Therefore, you must ensure only the right people have access or modification rights to that data.
The rules that say who can access what data, and under what circumstances, are complex and change frequently. Your application developers struggle to get the rules right, and by the time they finally do get them right, the requirements change and they need to reimplement them. Managing the ever-changing authorization rules is time-consuming, error-prone, and takes developers away from what they do best.