Authorization is the process with which Access Manager evaluates policies associated with a user’s identity, and determines whether an authenticated user has permission to access a protected resource. The Access Manager Policy Service enables authorization to take place. It consists of the following components:
Policy plug-ins
A framework for connecting policy plug-ins
A core policy component
A graphical user interface
Client APIs
The Policy Service interacts with Access Manager service configurations, a delegation plug-in (which helps to determine a network administrator’s scope of privileges), and identity repository plug-ins to verify that the user has access privileges from a recognized authority.