You need to setup Permissions in order to define what type of resources your Targets will be allowed/denied to access.
The resources available to grant permission will depend on the Target you select, and the rules will depend on the resource selected.
You can add more resources as wished. An operation OR is applied. Therefore, as you add more permissions, more resources will be included for verification.
If you use one permission with Deny, it will override any options using an Allow that contains the same condition.