Many users can access business or other information through applications over a local or wide area network. Some information generated by an application contain sensitive information, such as payroll data or credit information. Other information is general. Businesses or other organizations want to limit access to sensitive information, such as credit information or payroll information to a select group of users, yet provide unrestricted access to general information.
Effective security would grant access to information based upon application of one or more criteria, such as time of day, location, task and the role of the user in relation to the information requested. Systems that control access based upon a user's function or role are not sensitive to the functions or information structure of the application program. Access control applied directly on the object is not sensitive to the functional context (task) in which the access happens. Discretionary Access lists control access to files and directories based upon an authorized user list. Once the right is granted, the right typically applies regardless of the task or function activated by the user.
The discussion above is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed subject matter.