A
policy object is a single object or a
collective unit that groups discrete identities such as IP addresses,
URLs, applications, or users. With policy objects that are a collective
unit, you can reference the object in security policy instead of
manually selecting multiple objects one at a time. Typically, when
creating a policy object, you group objects that require similar
permissions in policy. For example, if your organization uses a
set of server IP addresses for authenticating users, you can group
the set of server IP addresses as an
address group policy
object and reference the address group in the security policy. By
grouping objects, you can significantly reduce the administrative
overhead in creating policies.