Authorization Policy & how to configure one on Oracle Access Manager 11.1.1.5 (11g)

Each resource assigned to an application domain can be protected by only one authorization policy. In an automatically generated application domain, the following authorization policies are seeded as defaults: Protected Resource Public Resource Administrators can create an authorization policy to protect access to one or more resources based on attributes of an authenticated user or the environment. The authorization policy provides the sole authorization protection for resources included in the policy. Authorization policies are local, which means that each policy applies only to the resources specified for the policy. A policy cannot be derived or applied to any other resource. A single policy can be defined to protect one or more resources in the application domain. However, each resource can be protected by only one authorization policy.  OSSO Agents use only the authentication policy and not the authorization policies. Authorization Policy Response Authorization Response defines the action that must be fulfilled after successful Authorization.  Authorization Constraints Authorization Constraint is a rule that grants or denies access to a particular resource based on the context of the request. Authorization Constraints are applicable specific to an Authorization Policy. Constraints have TYPE and CLASS. Constraint Type has the values Allow or Deny, which allow or deny access resource. Constraints Class consists of Identity, Temporal, and IP4 Range.