Enabling Users to Access Resources
To grant users access to resources, you first set up users and roles in the identity store as part of a security realm. You then define application roles in the policy store and assign identity store roles to the application roles.
Permissions to use resources are granted to roles, rather than to users directly.
The next few slides elaborate on these concepts.