Online resources open to public access are subjected to different risks such as identity theft. In response, service providers have implemented control methods to restrict the access. For resources containing less sensitive information, such as forum resources, access control is less strict; whereas for resources containing more sensitive information, such as ID numbers, member information and bank accounts, access control is more strict.
Different types of resources have different sensitivities associated with their values. For example, if bank accounts are leaked, it may cost monetary loss to account holders or banks, and thus such resources have a very high sensitivity. For another example, if users are allowed to freely access video and image resources in a server, hackers may attack the server for various purposes, which can be potentially disastrous to server operations. Thus, such resources have a high sensitivity. For yet another example, advertisement information and online forum information are public-oriented and usually do not involve confidentiality. They are resources with a low sensitivity.
Existing practices of defining access/permission level are usually static and cannot dynamically adjust the access levels, nor have the flexibility to respond to an evolving resource content. It is common that an administrator, in a stage of defining permission, artificially divides permission levels of the resources based on importance of content currently included in the resources, which is a static manner. This manner of dividing permission levels for the resources fails to take dynamic changes of the resources into account, if the content included in the resources changes, it may result in that the permission levels of the resources change, if such a change cannot be done timely, it is likely to result in improper access control. For example, suppose that, in the stage of defining permission, the administrator divides a resource into a higher permission level and forbids users to access the resource at will. As time goes on, the content included in the resource changes, resulting in that the resource can be accessed by most users. However, as the permission level of the resource is not altered, it results in that only a small number of users can access the resource, which limits utilization of the resource. For another example, suppose that, in the stage of defining permission, the administrator divides a resource into a lower permission level and allows most users to access the resource. As time goes on, the content included in the resource changes. At this point, it is necessary to forbid some users to access the resource at will. However, as the permission level of the resource is not altered, it results in that most users can still access the resource, thus causing potential safety hazards to the resource.