| 摘要 |
<p>To eliminate restrictions on the order of writing in an access control list. A permission rule and a prohibition rule are stored in advance. A rule is read out from an access control list accepted, and a determination is made as to whether the readout rule is contained in the permission and prohibition rules stored in advance. When the readout rule is not contained and when the readout rule is a permission rule, the readout rule is stored in the temporary storage unit. When the readout rule is not contained and when the readout rule is a prohibition rule, a determination is made as to whether the prohibition rule conflicts with the permission rule stored in the temporary storage unit. When the prohibition rule does not conflict, the prohibition rule is stored in the temporary storage unit. When the prohibition rule conflicts, the prohibition rule is converted to a prohibition rule by removing access target resources written in the permission rule from access target resources written in the prohibition rule on the basis of resource information, and the prohibition rule is stored.</p> |
