Security Domain Terminology

Here are some common terms used in the security domain and their definitions.

Role: A business function that a user performs.

Resource: An item that needs to be secured in the application—for example, a screen, a report, a link, and so on.

Resource hierarchy/child resources: A resource can have one or more child resources beneath it, and each child resource can in turn have child resources of its own. This nesting of resources is known as the resource hierarchy.

Action: Users may have different types of actions that they are able to perform on different resources—for example, read, update, create, and delete.

Policy: Defines the action that a role is permitted to perform on a secured resource in an application. A policy has three components: a role, a resource, and an action.

Authorization: The outcome of evaluating whether a user's access to a given resource is permitted under a policy. The possible outcomes are authorized, not authorized, and conditional.

Access condition: Criteria that a user must meet in order to be granted access to a resource; this is the case that an authorization outcome of conditional refers to.
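The terms above describe a role-based policy model, and the following Python code puts them together as a small, deny-by-default policy evaluator. It is an added example, not code from the product or documentation this glossary belongs to. The class names (Resource, Policy, PolicyStore), the dictionary-shaped request context passed to an access condition, the sample hierarchy and policies, and the rule that a policy on a resource also covers its child resources (with the closest matching resource deciding) are all assumptions made for the illustration; the glossary itself does not say how policies interact with the resource hierarchy.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional

class Action(Enum):
    READ = "read"
    CREATE = "create"
    UPDATE = "update"
    DELETE = "delete"

class Authorization(Enum):  # the three outcomes the glossary names
    AUTHORIZED = "authorized"
    NOT_AUTHORIZED = "not authorized"
    CONDITIONAL = "conditional"

@dataclass(frozen=True)
class Resource:
    """A secured item (screen, report, link); `parent` forms the resource hierarchy."""
    name: str
    parent: Optional["Resource"] = None

    def lineage(self) -> List["Resource"]:
        chain, node = [], self          # this resource, then its parent, ... up to the root
        while node is not None:
            chain.append(node)
            node = node.parent
        return chain

    def path(self) -> str:
        return "/".join(r.name for r in reversed(self.lineage()))  # root-to-leaf path

# An access condition is a predicate over the request context (user attributes, the
# record being touched, ...); the dict-shaped context is an assumption of this example.
AccessCondition = Callable[[Dict[str, object]], bool]

@dataclass(frozen=True)
class Policy:
    """Role + resource (by path) + action; a condition makes the grant conditional."""
    role: str
    resource: str
    action: Action
    condition: Optional[AccessCondition] = None

class PolicyStore:
    """Deny-by-default evaluator over a list of policies."""

    def __init__(self, policies: List[Policy]) -> None:
        self._by_key: Dict[tuple, List[Policy]] = {}
        for p in policies:
            self._by_key.setdefault((p.resource, p.action), []).append(p)

    def _governing(self, roles, resource, action) -> List[Policy]:
        # ASSUMPTION (not stated in the glossary): a policy on a resource also covers
        # its child resources, and the closest resource in the hierarchy that has a
        # matching policy for one of the caller's roles decides.
        for node in resource.lineage():
            matches = [p for p in self._by_key.get((node.path(), action), [])
                       if p.role in roles]
            if matches:
                return matches
        return []

    def authorize(self, roles, resource, action) -> Authorization:
        """Three-valued outcome; access conditions are not evaluated here."""
        matches = self._governing(roles, resource, action)
        if not matches:
            return Authorization.NOT_AUTHORIZED
        if any(p.condition is None for p in matches):
            return Authorization.AUTHORIZED
        return Authorization.CONDITIONAL

    def is_permitted(self, roles, resource, action, context) -> bool:
        """Final yes/no: a conditional outcome is resolved against the context."""
        for p in self._governing(roles, resource, action):
            if p.condition is None:
                return True
            try:
                if p.condition(context):
                    return True
            except (KeyError, TypeError):
                continue  # a condition that cannot be evaluated fails closed
        return False

# Constructed sample hierarchy and policies (not from any real deployment).
APP = Resource("App")
REPORTS = Resource("Reports", APP)
SALES = Resource("SalesReport", REPORTS)
EXPORT = Resource("ExportLink", SALES)  # child resource of SalesReport
PAYROLL = Resource("PayrollReport", REPORTS)

STORE = PolicyStore([
    Policy("analyst", "App/Reports/SalesReport", Action.READ),
    Policy("analyst", "App/Reports/SalesReport", Action.UPDATE,
           condition=lambda ctx: ctx["user_region"] == ctx["record_region"]),
    Policy("hr", "App/Reports/PayrollReport", Action.READ),
    Policy("admin", "App", Action.DELETE),  # root policy: covers the whole hierarchy
])
```

With these sample policies, an analyst reading the ExportLink child resource is authorized through the policy on its parent SalesReport, reading PayrollReport is not authorized because no policy grants it to that role, and updating SalesReport is conditional until the access condition is checked against the request context. Two design points worth noting: anything not covered by a policy is denied, and an access condition that cannot be evaluated (a missing context key, for instance) is treated as failed rather than as satisfied.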