The User Authentication Framework 62 Creating Rules From the list of security contexts that is now visible, click on your new context, Extranet. The New Security Context form shown in Figure 6.3 allows you to create rules and assign policies. Click the Rules button to view the Resource Rules list for this security context. Notice the Resource Type list. You want to restrict access to certain areas of the extranet that display parts information, so you need to use the Application type. Enter Parts in the Rule Name field, choose UserObject from the Resource Type list, and click Add. The New Resource Rule form shown in Figure 6.4 requests a description of your rule as well as an application name. You should be as detailed as possible when entering text in the Description field so that you will remember exactly what the rule is for later. In the Description field, enter This rule restricts parts data access to suppliers only. Read only access is gran- ted.. Enter Parts list in the UserObject Name field so that you know the list of parts is to be secured. Enter view in the Action field so that you know you are granting read permission for this resource. Then click Add. You then should see the Resource Rules list (refer to Figure 6.3), and you should see your new rule in the list.