Explanation of built in System Access Policies
When the v2.4 patch is applied new, system generated Access Policies will be created to represent all the default Global Groups, such as Global Requestor, Global Approver, Global PAR Requestor, etc. Any users who were members of these groups will retain the group membership, but the group will now be assigned an Access Policy that represents the appropriate permissions. These System generated Access Policies will not be able to be edited, only disabled.
There will be 3 types of permissions for each user role. For example, there will be Requestor, PPM Requestor and PSM Requestor. The "Requestor" Access Policy grants permission to request both Passwords and Sessions, whereas the PPM and PSM versions, grants permission for only Passwords or Sessions respectively.
More information on Access Policies can be found in the Administrator Manual.