The File-PEP operates between a user application and the file server. The PEP intercepts each request, determines if the user is authorized to perform the requested action given sensitivities of each file.
[Source: https://www.omg.org/spec/IEF-RA/1.0/]