# Implementing a PDP
<a name="pdp"></a>

The policy decision point (PDP) can be characterized as a policy or rules engine. This component is responsible for applying policies or rules and returning a decision on whether a particular access is permitted. A PDP can function with role-based access control (RBAC) and attribute-based access control (ABAC) models; however, a PDP is a requirement for ABAC. A PDP allows authorization logic in application code to be offloaded to a separate system. This can simplify application code. It also provides an easy-to-use repeatable interface for making authorization decisions for APIs, microservices, Backend for Frontend (BFF) layers, or any other application component. 

The following sections discuss three methods for implementing a PDP. However, this is not a complete list.

**Topics**
+ [Implementing a PDP by using Amazon Verified Permissions](avp.md)
+ [Implementing a PDP by using OPA](opa.md)
+ [Using a custom policy engine](custom-policy-engine.md)