Scalable groups and access contracts are the basic building blocks of an access control policy. While creating an access control
policy, you can use the scalable groups and contracts that you have created before, or create new scalable groups and contracts
while creating the policy.
If you want to specify the network resources that can be accessed from a specific source group, you can create an access control
policy with a single source and multiple destination groups. On the other hand, if you want to specify the source groups that
are permitted to access a particular network resource, you can create an access control policy with a single destination and
multiple source groups.
For example, if you want to specify the network resources that can be accessed by the users associated with the Contractors source scalable group, you can create an access control policy with a single source and multiple destination groups. If you
want to specify the source groups that are permitted to access the Finance Servers destination scalable group, you can create an access control policy with a single destination and multiple source groups.
Group-based access control policies can also be created or updated based on the
traffic flows for a given source and destination group pair.
To create a group-based access control policy, use the following procedure.