Security systems typically provide a way of filtering information based on criteria that are defined by an administrator. While such a typical security system may prevent a user from gaining access to protected system content if the user is not explicitly permissioned to do so, various embodiments of the present invention provide the ability to reveal certain content only to users with certain attributes, even if, for example, the system administrator is unaware of the user's identity or affiliation and the user is unaware of the nature of the content.
The filtering of the present invention may thus dynamically allow the same content to be accessed or not accessed by a particular user, based on self-declared permission attribute(s), in each situation. For example, the ability to self-declare the permission attribute(s) may help reduce the administrative overhead associated with granting or withdrawing permissions (e.g., depending on the business process) and enhance compliance with laws and policies regulating the users.
Of note, a security system working properly typically prevents access to information such that a user should only gain access to information that he or she should not have only in the event of mistakes by the system administrator. Unauthorized access otherwise should not occur while the system is operational.
In this regard, introducing the ability of a user to self-declare permission attribute(s) may increase the risk of abuse or violation of policies. Various embodiments of the present invention therefore provide the ability to track access to information. This audit information can be reviewed, for example, in the form of a report or sophisticated search criteria and can return a list of possible violations of regulations (e.g., a compliance officer can use the findings to investigate possible violations).