Define and apply security policy

Define and apply security policy

Security administrators protect system resources by defining a security policy. A security policy consists of the access control list (ACL) policies, protected object policies (POPs), and authorization rules. We can apply these policies and rules to the object representations of the system resources to be protected in the object space. We can apply ACL policies, POPs, and authorization rules to the same object.
The authorization service makes authorization decisions based on the policies applied to these objects. When a requested operation on a protected object is permitted, the resource manager responsible for the resource implements this operation.
One policy can dictate the protection parameters of many objects. Any change to an ACL policy, POP, or authorization rule affects all objects to which the policy is attached.

ACL policies

Protected object policies

Authorization rules

Parent topic: Default security policy