When you define a security context, you specify the types of resources to protect in that context. For example, you can choose to protect files and directories. Then you have to specify exactly which resources and which actions to protect. For example, you can limit write access to files at a specific path name.
After you define resources, you define a security policy that matches resources to users and groups. You grant access to a protected resource by adding both rules and users to a policy. The users and user groups you add to a policy are authorized to use the resources protected by the security context.