Techniques and system to manage access of information using policies

摘要

An information management system approves or denies user requests to access information of the system. The information includes all types of information including documents and e-mail. The information management system is driven using a policy language having policies and policy abstractions. The information management system may approve or deny many different types of requests including opening a document or file, copying a file, printing a file, sending an e-mail, reading an e-mail, cut and paste of a portion of a document, saving a document, executing an application on a file, and many others.

主权项

1. A method of managing information comprising:
providing an organization having an information management system comprising a policy server comprising one or more rules and policy abstractions to manage information of the organization, wherein a rule comprises an expression having a policy abstraction, and each policy abstraction has a corresponding definition statement stored separately from the rule; within the organization, providing a user logged onto a device and a confidential document managed by the information management system; evaluating at the policy server first and second subexpressions of a first rule, wherein the first subexpression has a first abstraction having a first definition statement, and the second subexpression has a second abstraction having a second definition statement; after evaluating at the policy server, altering at the policy server the first rule by removing at least one of the first or second subexpression of the first rule to obtain an altered first rule; transmitting to the device the altered first rule, wherein the altered first rule comprises a fewer number of subexpressions than the first rule; at the device, when the user attempts to access the confidential document, seeking approval based on the altered first rule; if approved, permitting the user to access the confidential document; and if not approved, blocking the user from accessing the confidential document.