If you enable the security manager the any policies in force will halt the execution of your application at the first policy violation, making creating a policy tedious. With this feature enabled a developer can enable the security manager, but also set it to permissive mode. This will result in the required policy rules being logged, making policy generation possible.