authorization policy

Authorization Policies are guidelines for authorization. These policies are defined by companies for their employees and implemented by the administrator.

Authorization policies allow or restrict employees' access to resources, and the policies specify how this is done.

Authorization policies depend on the sensitivity of the resources and data. For highly sensitive data, more restrictive authorization policies apply than for non-sensitive data. The security criteria defined in the authorization policies also depend on this.

Generally applicable rules apply to authorization policies. These include that each authorization policy has a name and is described in detail. Furthermore, each authorization policy is designed for a specific purpose and has certain privileges.