---
title: Policies
description: Authorization policies let AM determine whether to grant a subject access to a resource.
component: pingam
version: 8.1
page_id: pingam:am-authorization:policies
canonical_url: https://docs.pingidentity.com/pingam/8.1/am-authorization/policies.html
keywords: ["Authorization", "Policy"]
page_aliases: ["authorization-guide:policies.adoc"]
---

# Policies

Authorization *policies* let AM determine whether to grant a subject access to a resource.

A policy defines the following:

* *resources*

  The resource to which access is restricted, such as a web page, a mobile app, or a boarding area in an airport.

* *actions*

  The verbs that describe what users can do to the resource, such as *read* a web page, *submit* a web form, or *access* a boarding area.

* *subject conditions*

  Who the policy applies to, such as all authenticated users, only administrators, or only passengers with valid tickets for planes leaving soon.

* *environment conditions*

  The circumstances under which the policy applies, such as only during work hours, only when accessing from a specific IP address, or only when the flight is scheduled to leave within the next four hours.

* *response attributes*

  Information that AM attaches to a response following a policy decision, such as a name, email address, or frequent flyer status.

|   |                                                                                                                                                                                                                                                                                                                                                                                           |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Policy conditions don't determine the outcome of the policy but determine whether a specific policy is applicable and whether its actions should contribute towards the overall policy decision. If a condition fails (due to authentication failure, for example), AM disregards the corresponding policy and assesses any other configured policies to make the authorization decision. |