Authorization policies are used when you want to protect a resource based on criteria other than authentication, and you want Access Manager to enforce Access restrictions. Authorization policies are enforced when a user requests data from a resource.
Access Manager supports Access Gateway Authorization policies for protecting resources of Access Gateway.
The first step in creating an Authorization policy is determining the criteria for restricting access. The second step is translating those criteria into rules and conditions for a policy. This section describes the policy elements, but your resource and your security requirements determine which elements to use when creating the policy.