Abstract |
<p>A system for specifying an access control policy comprises: a user interface (13) for enabling a user to specify a plurality of policy rules comprising a subject attribute, an object, an action, and an authorization, the policy rules defining an access control policy (10); a translation means (9) for translating the access control policy into a machine-readable data access control policy language to obtain a translated data access control policy (14); an output (11) for providing the translated data access control policy to an access control policy enforcing unit (50); a conflict detection means (2) for detecting at least two conflicting policy rules indicative of denial and allowance, respectively, of a possible access request; a conflict indication means (6) for indicating to a user information relating to the conflict; and a conflict resolution input (7) for retrieving information from a user indicative of a conflict resolution.</p> |