With Authorization Manager, you can manage application tasks and data access by creating Authorization Manager applications that access authorization stores.
An application is specific to an authorization store, and it is always located directly under its parent authorization store in Authorization Manager.
A single authorization store can contain authorization policy information for many applications. All applications in one authorization store can access all of the groups defined at the store level.
An authorization policy store must contain at least one application. For example, you may create one application to control access to a Web site and another application to control access to functions in a particular line-of-business software program. However, because both of these applications are used in the same company and may have similar requirements, it may make sense to include both applications in one authorization store.
You can control auditing at the application level. For more information, see "Additional references" in this topic.