Before creating policies, you need to design your policy strategy. For example, if you are going to use role-based access, decide which roles you need and which roles allow access to your protected resources.
You must first create roles required for Authorization policies that grant and deny access. If you have already created the roles and assigned them to users in your LDAP user store, you can use the values of your role attributes in the Authorization policies instead of using Access Manager roles.
To create a policy, see the following sections: