CPC H04L 63/20 (2013.01) [G06F 21/6218 (2013.01); H04L 63/10 (2013.01)]
19 Claims
1. A system for graph-based access control, comprising:
a computing device comprising a processor and a memory device;
wherein the processor is configured to:
receive a request to access a data element of a resource,
identify a target corresponding to the requested data value in an access control graph stored in the memory device comprising a plurality of sub-graphs, each sub-graph comprising a root node corresponding to a different resource of a corresponding plurality of resources, including a first sub-graph comprising a root node corresponding to the resource, one or more additional nodes corresponding to data elements of the resource, and one or more edges identifying a parent-child relationship between the root node and an additional node or between additional nodes,
analyze a path from a node corresponding to a source of the request to the target, the path comprising an edge indicating an access policy, and
responsive to the analysis, allow or disallow access in accordance with the indicated access policy to the data element of the resource.
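The path analysis recited in claim 1, as an added Python example (not code from the patent or its applicant). The node names, the membership edges from users to a group, and the combining rule (default deny, any "deny" edge on any path overrides "allow") are assumptions made for illustration; the claim itself only requires that a path from the source to the target contain an edge indicating an access policy.

```python
from collections import defaultdict

class AccessGraph:
    """Directed graph; an edge's policy is None (structural) or 'allow'/'deny'."""
    def __init__(self):
        self.edges = defaultdict(list)  # node -> [(child, policy)]

    def add_edge(self, parent, child, policy=None):
        self.edges[parent].append((child, policy))

    def policies_on_paths(self, source, target):
        """Return the policy labels seen on each simple path source -> target."""
        found, stack = [], [(source, (source,), ())]
        while stack:
            node, path, policies = stack.pop()
            if node == target:
                found.append(policies)
                continue
            for child, policy in self.edges[node]:
                if child not in path:  # never revisit a node: guards against cycles
                    extra = (policy,) if policy else ()
                    stack.append((child, path + (child,), policies + extra))
        return found

    def check(self, source, target):
        """Assumed rule: no policy edge on any path -> deny; any 'deny' wins."""
        labels = [p for path in self.policies_on_paths(source, target) for p in path]
        return bool(labels) and "deny" not in labels

def build_sample():
    """Constructed sample: two resource sub-graphs plus request sources."""
    g = AccessGraph()
    # Sub-graph 1: root node "hr_db", child nodes are its data elements.
    g.add_edge("hr_db", "hr_db.employees")
    g.add_edge("hr_db.employees", "hr_db.employees.name")
    g.add_edge("hr_db.employees", "hr_db.employees.salary")
    # Sub-graph 2: root node "wiki".
    g.add_edge("wiki", "wiki.runbooks")
    # Sources: membership edges carry no policy (assumption).
    g.add_edge("alice", "staff")
    g.add_edge("bob", "staff")
    # Policy edges: a grant at a root is inherited down parent-child edges.
    g.add_edge("staff", "hr_db", "allow")
    g.add_edge("alice", "hr_db.employees.salary", "deny")
    g.add_edge("bob", "wiki.runbooks", "allow")
    return g
```

A path made only of parent-child edges carries no policy, so reaching a data element from its own root is denied under the assumed default.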