--- title: Managing policies description: Policies automatically grant permissions to users or groups based on predefined criteria. component: privilege page_id: privilege:privileged-access-management:admin-tasks/access-management/policies canonical_url: https://docs.pingidentity.com/privilege/privileged-access-management/admin-tasks/access-management/policies.html revdate: February 16, 2026 section_ids: creating-an-access-policy-for-targets: Creating an access policy for targets creating-an-access-policy-for-cloud-resources: Creating an access policy for cloud resources editing-an-access-policy: Editing an access policy deleting-an-access-policy: Deleting an access policy --- # Managing policies Policies automatically grant permissions to users or groups based on predefined criteria. They're ideal for managing time-based access for projects with fixed durations. ## Creating an access policy for targets To create a policy that grants access to a specific target, such as a server or database: 1. In the PingOne Privilege admin console, click **Targets**. 2. Locate the target you want to grant access to and click **More Info**. 3. On the target details page, click **Create Policy**. 4. Click **Continue**. 5. Select the users or groups who'll be granted access through this policy. Click **Continue**. 6. Enter a **Policy Name** and define the policy's active period by setting a **Start Date**, **Start Time**, **End Date**, and **Hours**. 7. Click **Submit** to save and activate the policy. ## Creating an access policy for cloud resources To create an access policy for a cloud resource: 1. In the PingOne Privilege admin console, go to **Access Management > Resources**. 2. In the **Resource Catalog**, find the resource you want to create a policy for. Click **Policy**. 3. In the list, select one or more identity and access management (IAM) roles to include in the policy. Click the **[icon: plus, set=fa]**icon to add them to the queue. When you've selected all the roles to include, click **Add To Request Queue**. 4. When you've added all necessary resources, click **Continue**. 5. Enter a **Policy Name** and define the policy's active period by setting a **Start Date**, **Start Time**, **End Date**, and **Hours**. 6. Click **Submit** to save and activate the policy. ## Editing an access policy To extend an active policy: 1. In the PingOne Privilege admin console, go to **Policies**. 2. Locate the policy you want to edit and click **More Info** to open the policy details page. You can edit the users, resources, and the expiry of the active policy. ## Deleting an access policy To delete a policy: 1. In the PingOne Privilege admin console, go to **Policies**. 2. Locate the policy you want to delete and click **More Info** to open the policy details page. 3. Click **Delete Policy**. 4. In the confirmation modal, click Delete. The policy is immediately deleted.