A security manager can give one of four responses to a query: Allow, Deny, Fail (request rejected because an error occurred) and Unknown (indicating that the manager has no information relevant to the query). If all of the managers on the security manager list respond with Unknown, the default behaviour of the security facility is to deny the request - unknown users are unable to log in and nobody can access unknown resources. However, you can change this behaviour by setting the Allow unknown resources and Allow unknown users configuration options.
Setting Allow unknown users permits unknown users to log in. This will typically only be useful during development testing.
Setting Allow unknown resources allows everyone full access to unknown (undefined) resources. This may be useful where you only need to secure access to some of your resources.