As for the distribution of a policy expressed as an access control list, many examples have been observed in which for a plurality of control target machines, one integrated access control server carries out access control.
Under such a situation, it is hoped that the maintainability at a time when an access control list is corrected after a policy is changed is improved.
In this case, an access control list is generally formed as a combination of access control rules, each of which includes an access actor user (a user as access actor), an access target resource, and an access right of permission or prohibition as a set.
In that regard, there is the invention disclosed in PTL 1 as a method of updating a policy associated with a change of a system configuration. Moreover, there is the invention disclosed in PTL 2 as a method of distributing again to a required target device after a policy is changed. According to the above inventions, an entire access control list including a policy that has been so altered as to contain an unchanged portion is restructured, and the entire control list restructured is distributed again. By taking such a measure, it becomes easier to correct a policy rule at a time when a system configuration is changed.