Access control in data processing system
First Claim
1. A method comprising:
determining, by a processor, whether a policy data structure defines an authorization for a request to access a resource, the policy data structure defining a plurality of predetermined authorizations, each predetermined authorization relating to authorization of at least one user to access at least one resource, each predetermined authorization further relating to a plurality of dynamic access requests, each dynamic access request indicating a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request;
in response to determining that the policy data structure defines an authorization for the request to access the resource, applying the authorization, by the processor, to determine whether to grant the request;
in response to determining that the policy data structure does not define an authorization for the request to access the resource, determining, by the processor, whether the policy data structure defines a dynamic access requirement determinative for the request;
in response to determining that the policy data structure defines a dynamic access requirement determinative for the request, determining, by the processor, whether to grant the request in accordance with the respective set of attributes associated with the request;
for at least one user request, after determining whether to grant the request, adding a dynamic authorization relating to authorization to access the resource within the request, by the processor, to the policy data structure.
Abstract
A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure.
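The decision flow summarized in the abstract, as an added Python sketch that is not taken from the patent. The names `Policy`, `decide` and `sample_policy`, the sample users, resource and attributes, the default-deny fallback, and the choice to record only grants as dynamic authorizations are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

Key = Tuple[str, str]  # (user, resource)

@dataclass
class Policy:  # hypothetical stand-in for the "policy data structure"
    # predetermined authorizations: True = grant, False = deny
    authorizations: Dict[Key, bool] = field(default_factory=dict)
    # dynamic access requirements: resource -> condition on request attributes
    requirements: Dict[str, Callable[[dict], bool]] = field(default_factory=dict)
    # dynamic authorizations added at decision time, kept separate for audit
    dynamic: Dict[Key, bool] = field(default_factory=dict)

def decide(policy: Policy, user: str, resource: str, attrs: dict) -> Tuple[bool, str]:
    """Return (granted, source), where source names the rule that decided."""
    key = (user, resource)
    # 1. An existing authorization is determinative and is applied as-is.
    for source, table in (("predetermined", policy.authorizations),
                          ("dynamic-authorization", policy.dynamic)):
        if key in table:
            return table[key], source
    # 2. No authorization: look for a dynamic access requirement.
    condition = policy.requirements.get(resource)
    if condition is None:
        return False, "default-deny"  # assumption: nothing determinative means deny
    granted = bool(condition(attrs))
    # 3. After deciding, add a dynamic authorization to the policy structure.
    if granted:  # assumption: only grants are recorded
        policy.dynamic[key] = True
    return granted, "dynamic-requirement"

def sample_policy() -> Policy:
    # Constructed sample data, not from the patent.
    return Policy(
        authorizations={("alice", "payroll.db"): True,
                        ("mallory", "payroll.db"): False},
        requirements={"payroll.db": lambda a: a.get("department") == "finance"
                                              and a.get("device") == "managed"},
    )

if __name__ == "__main__":
    p = sample_policy()
    ok = {"department": "finance", "device": "managed"}
    for user, attrs in (("alice", {}), ("mallory", ok), ("bob", ok),
                        ("bob", {"department": "sales"}), ("carol", {})):
        print(user, decide(p, user, "payroll.db", attrs))
```

In this sketch the added authorization is keyed on user and resource only, so the second request from `bob` is granted from the stored entry even though its attributes no longer satisfy the condition. The text above does not say whether or when such entries expire, so anyone building on this flow should decide that explicitly.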
10 Claims
Specification