主权项 |
1. A computer-implemented method of generating, on the basis of a textual representation of an attribute-based access control, ABAC, policy, an equivalent graphical representation of the ABAC policy,
wherein a computer system comprises a plurality of resources and an access control mechanism, which is configured to selectively restrict access to resources in accordance with the textual representation of the ABAC policy, the method comprising: defining a graphical symbol being a graphical counterpart of an element of an ABAC policy that is allowed under a predefined policy syntax and, optionally, defining a graphical symbol being a graphical counterpart of an allowed relationship between elements of the policy, wherein symbols are defined for at least a subset of all elements and relationships allowed under the policy syntax; initiating a data record indicative of a graphical representation; and traversing the textual representation of the ABAC policy and, in response to encountering an element or relationship for which a symbol has been defined, instantiating a corresponding symbol in the data record. |