Example Role centric PEP

Web Policy Enforcement Point

Policy set

Policy

 

Rules

Deny accessto a user to a specific resource

Permit access to a specific user

Permit access to other users

Deny log

PolicySet TestWebPEP 2: MATCHES
> Policy WebPolicy2 1: MATCHES
> - Rule Deny access to bob to a specific resource: DENY
> - Rule Permit access to admin: NOT APPLICABLE
> - Rule Permit access to other users: PERMIT
> Decision: DENY
Decision: DENY