Personalization should be considered separately from access control, but they do interrelate.
Personalization itself does not create any form of access control. It is simply a method of steering what the user sees; it does not restrict the user from accessing other content and as with any content, they need to have the correct access controls already assigned.
However, access control can be used to create a form of personalization. If you allow or deny a user access to content, this inevitably affects the choice of content that they have available - thus personalizing their web-experience.