| 摘要 |
<p>A computer-implemented method for controlling user access to secured data resources includes a step of inventorying data resources that are to be secured. Thereafter, a requirements data structure may be generated that includes one element mapped to each of the inventoried data resources, each element being configured to store a requirement value that is set according to an authorization level necessary to access the mapped data resource. For each user to have access to any of the inventoried data resources, a grant data structure may be defined that includes one element mapped to each of the plurality of data resources, each element being configured to store a grant value that is set according to an authorization granted to the user to access the mapped data resource. When a user request for access to at least one of the secured data resources is received, a step may be carried out to compare the grant and requirements data structures. Access may then be disallowed by the received user request to any secured data resource that is mapped to any element of the requirements data structure whose requirement value is greater than the grant value of a corresponding element of the grant data structure. In the comparing step, the grant and requirements data structures may be truncated to include only elements mapped to inventoried data resources to which the user request requests access.</p> |
