Visually representing and managing access control of resources

摘要

A method and system for controlling access to a resource. Visual representations of the resource and an entity are included in a display. Assignments of an access control requirement to the resource visual representation and an attribute to the entity visual representation are received. A movement in the display of the entity visual representation to a position proximate to a boundary of the resource visual representation is detected. The attribute assigned to the entity visual representation is determined to satisfy the access control requirement assigned to the resource visual representation. The entity is permitted to access the resource based on the attribute satisfying the access control requirement. A movement in the display of the entity visual representation across the boundary and a placement of the entity visual representation within the boundary of the resource visual representation are permitted based on the entity being permitted to access the resource.

主权项

1. A method of controlling access to an information technology (IT) resource, said method comprising:
a computer initiating a display including a visual representation of said resource and a visual representation of a first entity; said computer receiving an assignment of an access control requirement to said visual representation of said resource; said computer receiving an assignment of a first attribute to said visual representation of said first entity; said computer detecting a movement in said display of said visual representation of said first entity from outside a boundary of said visual representation of said resource to a position close to said boundary of said visual representation of said resource; responsive to said detecting said movement to said position close to said boundary, said computer determining said first attribute assigned to said visual representation of said first entity satisfies said access control requirement assigned to said visual representation of said resource; said computer determining said first entity is permitted to access said resource based on said first attribute assigned to said visual representation of said first entity satisfying said access control requirement assigned to said visual representation of said resource; said computer permitting a movement in said display of said visual representation of said first entity across said boundary of said visual representation of said resource and permitting a placement in said display of said visual representation of said first entity within said boundary of said visual representation of said resource based on said first entity determined to be permitted to access said resource; said computer initiating said display further including a visual representation of a second entity; said computer receiving an assignment of an exclusion control requirement to said visual representation of said resource; said computer receiving an assignment of a second attribute to a visual representation of a second entity; said computer detecting a second movement in said display of said visual representation of said second entity from outside said boundary of said visual representation of said resource to said position close to said boundary of said visual representation of said resource; responsive to said detecting said second movement to said position close to said boundary, said computer determining said exclusion control requirement indicates exclusion based on said second attribute or based on a state of one or more other entities associated with said exclusion control requirement; said computer determining said second entity is not permitted to access said resource based on said exclusion control requirement indicating exclusion; and said computer presenting a visual cue in said display and optionally presenting a notification based on said second entity determined to be not permitted to access said resource, wherein said visual cue and said notification indicate to a user that said second entity is not permitted to access said resource.