Authorization policies for a protected resource might require a user to be authenticated before the data required by the policy can be obtained. However, you can configure authorization policies to use the data available without authentication. The following traces show how the log entries for an authorization policy trace are slightly different when the user is not authenticated.
For a trace of an Authorization policy that uses a role, see When an Authorization Policy Uses a Role.