Dynamic augmentation, reduction, and/or replacement of security information by evaluating logical expressions
Method, server, and computer product for modifying base permissions of access control lists (ACL) by evaluating logical expressions (LE). Base permissions are determined for a subject by comparing a name of subject against ACL entries for an object. ACL entries having LE entries are determined. LE e...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | Method, server, and computer product for modifying base permissions of access control lists (ACL) by evaluating logical expressions (LE). Base permissions are determined for a subject by comparing a name of subject against ACL entries for an object. ACL entries having LE entries are determined. LE entries are evaluated to determine which LE entries are true for LE attributes of the subject. Set operators of LE entries are combined to single union ACL, intersect ACL, and replace ACL. Replace operation performed to replace base permissions with replace ACL, resulting in first output. If no replace ACL, base permissions are the first output. Union operation is performed on first output and union ACL, resulting in second output. If no union ACL, first output is second output. Intersect operation performed on second output and intersect ACL, resulting in third output. If no intersect ACL, permissions of second output are the third output. |
|---|