SYSTEMS AND METHODOLOGIES FOR CONTROLLING ACCESS TO A FILE SYSTEM

摘要

A method for controlling access to a file system having data elements, including the steps of maintaining a record of respective actual accesses by users of the file system to the data elements, defining a proposed removal of a set of the users from a superset of the users, wherein members of the superset have common access privileges to a portion of the data elements, and wherein following an implementation of the proposed removal, members of the set retain respective proposed residual access permissions, ascertaining, prior to the implementation of the proposed removal, that at least one of the respective actual accesses are disallowed to the members of the set, or to non-members of the set having actual access profiles which are similar to the actual access profiles of the members of the set, by the respective proposed residual access permissions, and generating an error indication, responsively to the ascertaining.

主权项

1. A computer-implemented method for controlling access to a file system having data elements, comprising the steps of:
maintaining a record of respective actual accesses by users of said file system to said data elements; defining a proposed removal of a set of said users from a superset of said users, wherein members of said superset have common access privileges to a portion of said data elements, and wherein following an implementation of said proposed removal, members of said set retain respective proposed residual access permissions to said data elements; automatically ascertaining, prior to said implementation of said proposed removal, that at least one of said respective actual accesses are disallowed to said members of said set, or to non-members of said set having actual access profiles which are similar to the actual access profiles of said members of said set, by said respective proposed residual access permissions; and generating an error indication, responsively to said step of automatically ascertaining.