A permission policy is just a regular policy, only that it is attached to a role instead of a user. It specifies what the role can or cannot do.