Components in Enterprise Server can restrict their access. This means that the component's functionality can be restricted to users who have credentials and authorization. Access restriction is controlled by the Security Managers which can be stacked. ESCWA uses this stack to control authorization requests for ESCWA itself, Directory Servers, and enterprise server instances that ESCWA administers. ESF also has its own configuration options along with the stack it is using.
See About the External Security Facility (ESF) and About Security Managers for more information.
It is valid to have a single security manager in the stack and this will simplify system configuration.