You are confusing authentication (even less relevant in context than encryption actually) with authorization.

Doing proper authorization without cryptography is difficult. Mixing it up with authentication is unnecessary but popular.

The authn/authz distinction is more impactful than encryption/cryptography nitting. Signatures are just encryption with a public key, yknow?