An
authorization contraint
is a set of roles that are defined to have access to the web resource collection.