Authorisation Policy
Defines what a subject is permitted or not permitted (prohibited) to do to a target
Protect target objects from unauthorised management actions
?Target based interpretation and enforcement
Not specific to management
Notes:
Also what monitored information can be received by a manager
Managers cannot be trusted to interpret authorisation policy
Need authorisation policy to specify how to control access to resources by all users not just managers.