| 摘要 |
<p>Resource authorization policies and resource scopes may be defined separately, thereby decoupling a set of authorization rules from the scope of resources to which those rules apply. In one example, a resource includes anything that can be used in a computing environment (e.g., a file, a device, etc.). A scope describes a set of resources (e.g., all files in folder X, all files labeled“Y”, etc.). Policies describe what can be done with a resource (e.g.,“read-only,”“read/write,”“delete, if requestor is a member of the admin group,”etc.). When scopes and policies have been defined, they may be linked, thereby indicating that the policy applies to any resource within the scope. When a request for the resource is made, the request is evaluated against all policies associated with scopes that contain the resource. If the conditions specified in the policies apply, then the request may be granted.</p> |
| 申请人 |
MICROSOFT CORPORATION |
发明人 |
LEACH, PAUL;MCPHERSON, DAVID;AGARWAL, VISHAL;NOVAK, MARK FISHEL;TANG, MING;RANGANATHAN, RAMASWAMY;KUKREJA, PRANAV;POPOV, ANDREY;BEN ZVI, NIR;NANDA, ARUN K. |
