| 摘要 |
A method for controlling access of a principal to a plurality of resources is disclosed. The method includes organizing each of the plurality of resources such that they are capable of classification by a set of hierarchies. Access permissions are assigned to each role of a set of roles, each role capable of being associated with the principal. Assigning a role of the set of roles to the principal, and associating the role assignment with at least one first resource of the plurality of resources within the first hierarchical structure. The method continues with retrieving the role assigned to the principal, retrieving one or more access permissions for the role, dynamically creating a request permission in response to an attempted action by the principal, comparing the request permission to the access permission, and, in response to determining that the access permission allows the request permission, granting access.
|
