To effectively create policies, you need to understand the following concepts.
Each policy is composed of policy statements. Each statement declares that an actor can take an action with respect to a resource. Optionally, the statement may specify that the actor can take the action only for a specific purpose. It is assumed that any user not given access to a resource by at least one policy statement should be denied access to that resource.
Policy statements canbe entered or edited as text. The statements must have the format Actors can action resource. If a purpose is used for the statement, the format must be Actors can action resource for the purposes of purpose.
Each policy contains statements like:
Accountants can read and update accounting data.