Sun Java Enterprise System 2005Q4 Technical Overview

Authorization

Access Manager also includes a policy service that provides access control to web-based resources in a Java ES environment. A policy is a rule that describes who is authorized to access a specific resource under specific conditions. The authorization sequence is shown in the following figure.

Figure 3–3 Authorization Sequence

Diagram showing the authorization sequence described in the text, involving the web browser, policy agent, policy service, and Directory Server.

When an authenticated user makes a request for any resource secured with Access Manager (1), the policy agent notifies the policy service (2), which uses information in Directory Server (3) to evaluate the access policy governing the resource to see if the user has permission to access the resource (4). If the user has access privileges (5), then the resource request is fulfilled (6).

Access Manager provides the means for defining, modifying, granting, revoking, and deleting policies within an enterprise. The policies are stored in Directory Server and configured through policy-related attributes in organization entries. Roles can also be defined for users and incorporated in policy definitions.

Access Manager policy agents are the policy enforcers. When the policy service rejects an access request, the policy agent denies the requesting user access to the secured resource.
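The following simulation ties together the six-step sequence, the role-based policy definitions, and the agent's enforcement role described above. It is an added example, not code from Java ES or Access Manager: the directory entries, policy rules, resource URLs, hour-of-day condition, and the `PolicyService` and `PolicyAgent` classes are all constructed for illustration. The policy service looks up the subject's roles in a stand-in directory, evaluates every policy whose resource pattern, action, subjects and condition match, and applies deny-overrides with a default of deny when nothing matches; the agent refuses unauthenticated requests before any policy is consulted.

```python
"""Simulation of the Access Manager authorization sequence (added example).

Not code from Java ES or Access Manager. The directory contents, policy
rules, resource URLs and class names are constructed for illustration.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# (3) Constructed stand-in for Directory Server: user entries carrying roles.
DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=com": {"roles": frozenset({"hr-staff"})},
    "uid=bob,ou=People,dc=example,dc=com": {"roles": frozenset({"engineer"})},
}


@dataclass(frozen=True)
class Policy:
    """A rule: which roles may perform which actions on which resources,
    under which condition (here, an allowed window of hours of the day)."""
    name: str
    resource_pattern: str           # glob over the resource URL
    actions: frozenset              # HTTP methods the rule covers
    subjects: frozenset             # role names the rule applies to
    allowed_hours: tuple = (0, 24)  # condition: hour of day in [start, end)
    effect: str = "allow"           # "allow" or "deny"

    def matches(self, roles, resource, action, hour):
        start, end = self.allowed_hours
        return (fnmatchcase(resource, self.resource_pattern)
                and action in self.actions
                and bool(roles & self.subjects)
                and start <= hour < end)


# Constructed policies: HR records for HR staff during office hours only,
# documentation readable by both roles, an explicit deny on an export path.
POLICIES = [
    Policy("hr-records", "http://intranet.example.com/hr/*",
           frozenset({"GET", "POST"}), frozenset({"hr-staff"}), (8, 18)),
    Policy("docs-read", "http://intranet.example.com/docs/*",
           frozenset({"GET"}), frozenset({"hr-staff", "engineer"})),
    Policy("hr-export-deny", "http://intranet.example.com/hr/export/*",
           frozenset({"GET", "POST"}), frozenset({"hr-staff", "engineer"}),
           effect="deny"),
]


class PolicyService:
    """(2)-(4) Evaluates the policies for a resource using directory data."""

    def __init__(self, directory, policies):
        self.directory = directory
        self.policies = policies

    def evaluate(self, user_dn, resource, action, hour):
        """Return (decision, reason). Deny overrides allow; no match denies."""
        entry = self.directory.get(user_dn)
        if entry is None:
            return False, "subject not found in directory"
        matched = [p for p in self.policies
                   if p.matches(entry["roles"], resource, action, hour)]
        denies = [p.name for p in matched if p.effect == "deny"]
        allows = [p.name for p in matched if p.effect == "allow"]
        if denies:
            return False, "denied by " + ",".join(denies)
        if allows:
            return True, "allowed by " + ",".join(allows)
        return False, "no applicable policy"


class PolicyAgent:
    """(1),(5),(6) Sits in front of the resource and enforces the decision."""

    def __init__(self, service):
        self.service = service

    def handle_request(self, session, resource, action, hour):
        # Authentication is checked before authorization is attempted.
        if not session.get("authenticated"):
            return 401, "authentication required"
        permitted, reason = self.service.evaluate(
            session["user_dn"], resource, action, hour)
        if permitted:
            return 200, f"served {action} {resource} ({reason})"
        return 403, f"forbidden ({reason})"


AGENT = PolicyAgent(PolicyService(DIRECTORY, POLICIES))
ALICE = {"authenticated": True, "user_dn": "uid=alice,ou=People,dc=example,dc=com"}
BOB = {"authenticated": True, "user_dn": "uid=bob,ou=People,dc=example,dc=com"}

if __name__ == "__main__":
    for who, session, res, act, hour in [
        ("alice", ALICE, "http://intranet.example.com/hr/records", "GET", 10),
        ("alice", ALICE, "http://intranet.example.com/hr/records", "GET", 20),
        ("alice", ALICE, "http://intranet.example.com/hr/export/all", "GET", 10),
        ("bob", BOB, "http://intranet.example.com/hr/records", "GET", 10),
        ("bob", BOB, "http://intranet.example.com/docs/handbook", "GET", 10),
        ("anon", {}, "http://intranet.example.com/docs/handbook", "GET", 10),
    ]:
        print(who, AGENT.handle_request(session, res, act, hour))
```

The reason string returned with each decision is what a practitioner would want logged by the policy service: it names the policy that granted or denied access, which makes audit and troubleshooting of an unexpected 403 straightforward. Note that the `hr/export/*` deny wins even though the broader `hr/*` allow also matches, and that an unknown subject or a missing policy both fall through to deny.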