An authorization policy is "a set of conditions that define whether a user should be permitted or denied access to a protected resource."[1]