When a user initiates an access request, the system performs an authorization check based on the actions defined in the access policies granted to the user. The authorization rules are as follows:
Figure: System Authorization Logic Diagram
1.A user initiates an access request.
2.The system looks for a Deny among the applicable actions of the policies from which the user gets permissions. If the system finds an applicable Deny, it returns a decision of Deny.
3.If no Deny is found applicable, the system looks for an Allow that would apply to the request. If the system finds an applicable Allow, it returns a decision of Allow.
4.If no Allow is found applicable, the system returns a decision of Deny, and the authentication ends.