# Manage permissions
# Understanding the permission model
The core of Authing's access control and authority management model is designed around two points: Resource and Policy. A policy defines a certain operation authority(s) for a certain resource (class). By authorizing the policy to a user (or role), you can know whether the user (or role) has operation authority for a certain operation of a resource . For details, see:
Understand Authing's Access Contorl Model# Manage resources
Use Authing to manage resources uniformly:
Manage Resources# Manage Strategy
Use the Authing console to manage policies and policy authorization:
Manage StrategyUse SDK to manage policies and policy authorization:
Manage Strategy# Quickly implement access control
If you think the strategy configuration is too complicated, you can use our SDK package method:
Manage Authority & Access Control