<p>A method and apparatus is disclosed for the creation of a centralized, unified and adaptive security policy to be used in conjunction with agents and access analyzers. The security policy provides flexibility to grant access rights based on adaptively generated permission levels as well as predefined threshold. The security policy operates on users, groups of users, resources and groups of resources and hence provides for a security policy system that is capable of adapting to the actual needs of its users and is easy to maintain. Specifically this apparatus and method may be used for security policy in conjunction with network resources.</p>