Definition of PolicySeveral types of business policies may be associated with Roles and with Resources:
- Authorization Rules. For example, whose authority is required to attach a new Resource to a Role?
- Resource Exclusion Rules / separation of duties policies (the two terms are basically synonymous). In particular, what sets of resources must never be concurrently assigned to the same user?
- Prerequisite Rules. In particular, which Resources must a user already have before he can be assigned a specific new Resource?
- User selection Rules for a Role. For example, users whose department ID is X and whose location is Y should get role Z.