Network-accessible resources must generally be protected from unauthorized access in an attempt to prevent unauthorized release of confidential information, unauthorized use of resources, and/or protect resources from harmful content, such as computer worms, viruses, and other destructive data.
In order to protect network-accessible resources, many systems authenticate a requestor before allowing the requestor to make requests for network-accessible resources, such as data. One method of authenticating a requestor is to require the requestor to log onto a system using a username and/or password.
Often different requestors are authorized to access different network-accessible resources. For example, each requestor may only be able to access data associated with the requestor or data associated with a group which includes the requestor. In order to prevent a requestor from accessing data that is not authorized for that particular requestor, permissions may be tailored for each individual requestor. For example, each combination of a username and/or password may correspond to only a limited set of data within the network that a logged in requestor can access based on the username and/or the password.
In general, once an authorized requestor makes a request for data, a data repository is queried for the requested data. Any outbound data obtained from the data repository in response to the query for requested data is returned to the requestor. The outbound data is not evaluated to determine whether the requestor has permission to access the data prior to the return to the requestor.