The Policy Manager is a service for secure identity and access management. It delivers electronically signed policies to business applications; each policy represents a user's access authorizations for the requested use cases.
The Policy Manager works with the concept of roles, each of which corresponds to a sum of authorizations or access rules. Roles are activity-related, and permissions can be marked as inheritable / assignable. To access a specific resource, a suitable role must be designated for it.
A business application can query the above-mentioned policies for access and authorization checks via the interfaces of the Policy Manager. Access to the Policy Manager interfaces is token-based: the IdP creates a signed token containing the corresponding user information, which can be used to check access authorization to the Policy Manager interfaces.
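The check a business application performs on a signed policy, as an added example that is not the Policy Manager's own code. Assumptions: the policy layout (`user`, `roles`, `permissions`), the function names and the demo key are hypothetical, and because the page names no signature scheme, HMAC-SHA256 stands in for it.

```python
import base64, hashlib, hmac, json

# Constructed demo key. Assumption: the page names no signature scheme,
# so HMAC-SHA256 stands in for whatever the Policy Manager really uses.
DEMO_KEY = b"constructed-demo-key"

# Constructed sample policy; the field names are hypothetical.
SAMPLE_POLICY = {
    "user": "alice",
    "roles": [{"name": "invoice-clerk", "permissions": [
        {"resource": "invoices", "action": "read"},
        {"resource": "invoices", "action": "create"}]}],
}

def sign_policy(policy, key):
    """Issuer side (hypothetical): serialize the policy and append a tag."""
    body = base64.urlsafe_b64encode(json.dumps(policy, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def verify_policy(signed, key):
    """Application side: authenticate the bytes before parsing them."""
    body, sep, tag = signed.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("policy signature invalid")
    return json.loads(base64.urlsafe_b64decode(body))

def is_allowed(signed, key, user, resource, action):
    """Fail closed: any verification or parsing error means no access."""
    try:
        policy = verify_policy(signed, key)
    except ValueError:
        return False
    if policy.get("user") != user:  # policy must belong to the caller
        return False
    # A role is the sum of its permissions; access needs a matching one.
    granted = {(p["resource"], p["action"])
               for role in policy.get("roles", [])
               for p in role.get("permissions", [])}
    return (resource, action) in granted

if __name__ == "__main__":
    signed = sign_policy(SAMPLE_POLICY, DEMO_KEY)
    print(is_allowed(signed, DEMO_KEY, "alice", "invoices", "read"))
    print(is_allowed(signed, DEMO_KEY, "alice", "invoices", "delete"))
```

The signature is checked over the raw encoded bytes before any JSON parsing, so a policy whose body was altered after signing is rejected without its contents ever being interpreted.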