查看文章

An authorisation privilege for an access request is inferred when no explicit privilege exists. The inference can be performed by way of mining occurrence patterns or derived from user hierarchy, profile, click history, transaction history or role. For any access request, the respective explicit privilege or inferred privilege is verified by the database or security administrator before the access request is permitted. Conditions expressed in an access policy are evaluated on the occurrence of predefined events. The events extend beyond user access requests, and include external events, composite events and access of a referential type. The access policy is framed in event, condition, access enforcement terminology. The access control rules can be parameterised and can be instantiated by data obtained from inference rules associated with the conditions of the policy. The conditions have an evaluation component and an …