IDOCs SHOULD NOT use the term to refer to a mixed set containing both persons and processes. This exclusion is intended to prevent situations that might cause a security policy to be interpreted in two different and conflicting ways. A system user can be characterized as direct or indirect: