When authorizing at the application case level, the programs to be considered must be determined using rules. This is done via the ApplicationAuthorisationInterfaceRuleSet rule set.