From 0636d6a35fe5894aa34eb06de926f1cdaae437c1 Mon Sep 17 00:00:00 2001
From: Manuel Fink <manuel.fink@sap.com>
Date: Thu, 27 Nov 2025 13:45:02 +0100
Subject: [PATCH] add link to DCL documentation

---
 docs/.vitepress/config.js                   |  3 ++-
 docs/Authorization/AuthorizationPolicies.md | 29 +++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 docs/Authorization/AuthorizationPolicies.md

diff --git a/docs/.vitepress/config.js b/docs/.vitepress/config.js
index cffd468..9d49e9e 100644
--- a/docs/.vitepress/config.js
+++ b/docs/.vitepress/config.js
@@ -31,8 +31,9 @@ export default defineConfig(withMermaid({
                 text: 'Authorization',
                 items: [
                     { text: 'Getting Started', link: '/Authorization/GettingStarted' },
-                    { text: 'Startup Check', link: '/Authorization/StartupCheck' },
+                    { text: 'Authorization Policies', link: '/Authorization/AuthorizationPolicies' },
                     { text: 'Authorization Checks', link: '/Authorization/AuthorizationChecks' },
+                    { text: 'Startup Check', link: '/Authorization/StartupCheck' },
                     { text: 'Testing', link: '/Authorization/Testing' },
                     { text: 'Technical Communication', link: '/Authorization/TechnicalCommunication' },
                     { text: 'Deploying DCL', link: '/Authorization/DeployDCL' },
diff --git a/docs/Authorization/AuthorizationPolicies.md b/docs/Authorization/AuthorizationPolicies.md
new file mode 100644
index 0000000..4466767
--- /dev/null
+++ b/docs/Authorization/AuthorizationPolicies.md
@@ -0,0 +1,29 @@
+# Authorization Policies
+
+Authorization policies grant the right to perform actions on protected resources in an application. They can be assigned to users to control access to various parts of the application.
+
+Developers can define a set of base policies that can be assigned directly or used as building blocks to create additional policies during runtime by the application administrators.
+
+## DCL
+
+Authorization policies are defined in a domain-specific language called Data Control Language (**DCL**) that supports conditions that can be used to grant fine-grained access to resources.
+
+### Example
+Here is an example of authorization policies defined in DCL:
+
+```dcl
+SCHEMA {
+   country: String;
+}
+
+POLICY ReadSalesOrders {
+    GRANT read ON SalesOrders WHERE country IS NOT RESTRICTED;
+}
+
+POLICY SalesOrderDE {
+    USE ReadSalesOrders RESTRICT country = 'DE';
+}
+```
+
+### Specification
+The complete specification for DCL can be found in the [SAP Help Portal](https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/data-control-language-dcl).
\ No newline at end of file