Defining Security Policies
When you enforce ADF authorization, all ADF resources are secure by default. To make these resources available to authenticated users, you must configure a policy store that consists of grants made to specific application roles, and you must assign to those roles the roles that you created in the identity store. Subsequent slides elaborate on these actions.
When you first configure ADF authorization, you are not required to have a policy store in place. The test-all role enables you to run and test your application before creating the policy store. However, eventually you need to customize the rights for members of actual application roles to access ADF resources.
Oracle ADF Security enables you to define an access policy for a variety of application resources. For example, you can control access to a particular task flow based on the access right grants that you make in the policy store for the ADF task flow.