In computer systems, access to resources such as files is generally controlled based on data containing definitions of access control regulations (hereinafter called “access control data”), such as an access control list (ACL). More specifically, the access control data define which files are accessible and which are inaccessible. When a user accesses a certain file, an access control mechanism hooks the user's access to the file. If comparing the user's credentials with the access control data shows that the access is authorized, the access control mechanism grants the user access to the file. Note that the access control mechanism referred to herein is a uniquely constructed mechanism, independent of the mechanisms provided by the file system in an operating system (OS).
If access control over the resources (files) is managed based on the access control data, accessible files may need to be specified in the access control data in advance. Thus, it may be important to identify expected new files in advance in order to minimize flaws in the access control security. If new files are created, it may be important to quickly incorporate them into the access control data as accessible files.
The related art (e.g., see Patent Document 1 and Patent Document 2) suggests technologies that automatically generate access control data to reduce the work of editing the access control data when authorizing a user to access newly created files. More specifically, according to the related art technologies, the access control data for authorizing the user to access the newly created accessible files are generated automatically. Alternatively, according to the related art technologies, the user's attempt to access the newly created files triggers automatic updating of the access control data so that the user is authorized to access the newly created accessible files.
In the meantime, the access control data are manually set under a secure operating system (secure OS) environment, based on an access log acquired by the access control mechanism.
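The following Python sketch is an added illustration, not code from this document or the cited patent documents. It shows a default-deny check against access control data, an access log written by the hook, and candidate entries derived from that log for manual review. All names (`check_access`, `propose_entries`, `apply_reviewed`) and the sample users and paths are hypothetical.

```python
from collections import defaultdict

# Constructed access control data: (user, path) -> permitted operations.
ACL = {
    ("alice", "/srv/reports/q1.txt"): {"read", "write"},
    ("bob", "/srv/reports/q1.txt"): {"read"},
}
ACCESS_LOG = []  # records written by the hook: (user, path, op, decision)


def check_access(user, path, op, acl=ACL, log=ACCESS_LOG):
    """Hooked access check: default-deny, and every decision is logged."""
    allowed = op in acl.get((user, path), set())
    log.append((user, path, op, "allow" if allowed else "deny"))
    return allowed


def propose_entries(log, acl):
    """Collect denied accesses to paths that have no entry for any user
    (likely newly created files) as candidates for manual review.
    Denials on paths already covered by the ACL are treated as intentional."""
    known_paths = {path for (_, path) in acl}
    proposals = defaultdict(set)
    for user, path, op, decision in log:
        if decision == "deny" and path not in known_paths:
            proposals[(user, path)].add(op)
    return dict(proposals)


def apply_reviewed(acl, proposals, approved):
    """Merge only the proposals an administrator explicitly approved."""
    for key in approved:
        acl.setdefault(key, set()).update(proposals[key])


if __name__ == "__main__":
    check_access("alice", "/srv/reports/q2.txt", "write")  # new file: denied
    check_access("bob", "/srv/reports/q1.txt", "write")    # known file: denied
    pending = propose_entries(ACCESS_LOG, ACL)
    print(pending)  # only the q2.txt access is proposed
    apply_reviewed(ACL, pending, [("alice", "/srv/reports/q2.txt")])
    print(check_access("alice", "/srv/reports/q2.txt", "write"))
```

Until an entry is approved, a newly created file stays inaccessible, which is the gap between file creation and the access control data update that the text describes.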
[Patent Document 1] Japanese Laid-open Patent Publication No. 2005-99982
[Patent Document 2] Japanese Laid-open Patent Publication No. 2003-6027