A rule contains a service type, one or more actions, and a value. The rule, basically, defines the policy.
A service type defines the type of resource that is being protected.
An action is the name of an operation that can be performed on the resource; examples of web server actions are POST or GET. An allowable action for a human resources service might be to be able to change a home telephone number.
A value defines the permission for the action, for example, allow or deny.
It is acceptable to define an action without resources for some services.