Present invention embodiments are related to systems, methods and computer program products for creating and using a link as an entry point for accessing a protected file in a file system. In particular, present invention embodiments relate to systems, methods and computer program products for accessing a protected file via a link mechanism that includes access rights information with respect to the file and may include key information for accessing keys for decrypting content of the file.
In existing file systems, access rights to a file are divided into three categories: owner rights, group rights, and management rights. Information regarding which user or group can decrypt content of a file is managed as a policy separate from the access rights to the file. Thus, existing file systems require policy management and file access rights management to be set and managed separately and consistently.
An increase in a number of directories and files to be managed in existing file systems, which manage access rights and decryption policy separately, makes it difficult to determine what access is actually permitted and to which user or group.