| 摘要 |
<P>PROBLEM TO BE SOLVED: To provide a facility for performing an access control check. <P>SOLUTION: A facility is executed as an integral part of an operating system executing on a computer and receives an authorization query to determine whether a principal has authorization to access a resource. The facility is maintained in storage of concentrated policies and applies policy that is applicable to the principal to determine whether the authorization to access the resource exists. The facility may start events based on an audit of the authorization queries. The facility may also record an indication of the authorization to access the resource in an audit log. The facility may determine whether the authorization query is a request for authorization to perform an inherently dangerous operation, and record the indication of the authorization to perform the inherently dangerous operation in the audit log. <P>COPYRIGHT: (C)2012,JPO&INPIT |
