---
title: Policies
description: Authorization policies let Advanced Identity Cloud determine whether to grant a subject access to a resource.
component: pingoneaic
page_id: pingoneaic:am-authorization:configuring-policies
canonical_url: https://docs.pingidentity.com/pingoneaic/am-authorization/configuring-policies.html
keywords: ["Authorization", "Policy"]
page_aliases: ["authorization-guide:configuring-policies.adoc"]
---

# Policies

Authorization *policies* let Advanced Identity Cloud determine whether to grant a subject access to a resource.

A policy defines the following:

* *resources*

  The resource to which access is restricted, such as a web page, a mobile app, or a boarding area in an airport.

* *actions*

  The verbs that describe what users can do to the resource, such as *read* a web page, *submit* a web form, or *access* a boarding area.

* *subject conditions*

  Who the policy applies to, such as all authenticated users, only administrators, or only passengers with valid tickets for planes leaving soon.

* *environment conditions*

  The circumstances under which the policy applies, such as only during work hours, only when accessing from a specific IP address, or only when the flight is scheduled to leave within the next four hours.

* *response attributes*

  Information that Advanced Identity Cloud attaches to a response following a policy decision, such as a name, email address, or frequent flyer status.

|   |                                                                                                                                                                                                                                                                                                                                                                                                                |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Policy conditions don't determine the outcome of the policy but determine whether a specific policy is applicable and whether its actions should contribute towards the overall policy decision. If a condition fails (due to authentication failure, for example), Advanced Identity Cloud disregards the corresponding policy and assesses any other configured policies to make the authorization decision. |