A rule contains a resource, one or more actions, and a value. Each action can have one or more values.
A resource defines the specific object that is being protected; for instance, an HTML page or a user’s salary information accessed using a human resources service.
An action is the name of an operation that can be performed on the resource; examples of web server actions are POST or GET. An allowable action for a human resources service , for example, can change a home telephone number.
A value defines the permission for the action, for example, allow or deny.
It is acceptable to define an action without resources for some services.