In a policy, the privilege to access a resource is established by adding a rule to a policy. Rules identify specific resources and either allow or deny the user access to the resources. A single policy can establish privileges for many users: policies can be associated with an individual user, a user group, or the members of an entire user directory.
For example, in the following graphic:
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |