Principal claim |
1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:
storing policy data for a plurality of entities, including:
    storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, and
    storing second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
evaluating the combined policy with respect to the received message;
determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
denying the user access to the information when the determination is that the message is associated with the policy violation. |