公开(公告)号：GB2442273A

公开(公告)日：2008-04-02

申请号：GB0619203

申请日：2006-09-29

Applicant: IBM

Inventor： COLGRAVE JOHN ,  ORCHARD JAMES RONALD LEWIS ,  WHITTINGHAM GARY OWEN

IPC: G06F21/60

Abstract: A system provides a number of resources, some of which are subjected to security policies and some of which are not. For secured resources a policy specifying how the resource may be used and by whom is drawn up as usual (Fig. 4a). The system then creates a complementary policy which specifies that all users can use the resource (Fig. 4b). For unsecured resources no security policies are created. When access to a resource is requested 302 the normal policy is checked in the normal fashion 304 and access allowed 306 or denied as usual. If usual access is denied then the complementary policy is checked 310, however the result of this check is inverted. That is, where a policy allows blanket access the access is denied 314 . Whereas where there is no access policy the access is allowed 312. In this fashion access to the unsecured resources with no security policies is facilitated (Fig. 4c).