A system within a PEP used to grant, deny or revoke permissions of a user based off its given security policy list.