Authorization Policies are guidelines for authorization. These policies are set by organizations for employees and implemented by the administrator
. Authorization policies enable or restrict employees' access to resources, whereby the guidelines specify how this is done in detail
.Authorization policies depend on the sensitivity of the resources and data
For highly sensitive data, more restrictive authorization policies apply than for non-sensitive data.
Thesecurity criteria defined in the authorization policies also depend on this.
Generally applicable rules apply to authorization policies. These include that each authorization policy has a name and is described in detail. Furthermore, each authorization policy is designed for a specific purpose and has certain privileges.