| 摘要 |
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for location based network usage policies. One of the methods includes storing information defining a plurality of network policy groups, receiving first information indicating that a client device is connected to the network at a first physical location, and identifying a first user role associated with the client device, identifying, from among the plurality of network policy groups, a first network policy group having both (i) an associated first policy location that corresponds to the client device's first physical location, and (ii) an associated policy role that corresponds to the client device's first user role, and regulating the client device's access to resources available on the network based on the one or more network usage policies associated with the identified first network policy group. |
| 主权项 |
1. A method performed by a data processing apparatus, the method comprising:
receiving first information indicating that a client device is connected to a network at a first physical location, and identifying a first user role associated with the client device; identifying, from among a plurality of network policy groups that each has a corresponding policy location and a corresponding policy role, a first network policy group having both (i) a first policy location that corresponds to the client device's first physical location, and (ii) a policy role that corresponds to the client device's first user role; receiving, from the client device while the client device is associated with the first physical location, a first resource request to access a resource available on the network; determining, while the client device is associated with the first physical location and in response to receiving the first resource request, first access permissions for the client device to the requested resource using the first network policy group; receiving second information indicating that the client device is connected to the network at a second physical location, and identifying a second user role associated with the client device, the second physical location different from the first physical location; identifying, from among the plurality of network policy groups, a second network policy group having both (i) a second policy location that corresponds to the client device's second physical location, and (ii) a policy role that corresponds to the client device's second user role; receiving, from the client device while the client device is associated with the second physical location, a second resource request to access the resource; and determining, while the client device is associated with the second physical location and in response to receiving the second resource request, second access permissions for the client device to the requested resource using the second network policy group; wherein identifying the first network policy group further comprises: identifying a subset of network policy groups for the client device using the first user role and the first physical location, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, wherein the policy location for each of the network policy groups in the subset of network policy groups is the same as the first physical location and the policy role for each of the network policy groups in the subset of network policy groups is the same as the first user role; comparing the priority information associated with each of the network policy groups from the subset of network policy groups; and selecting a highest priority network policy group from the subset of network policy groups as the first network policy group, the highest priority network policy group having a higher priority than other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group. |
