US 12,450,389 B2
Synchronization of access control policies with external data platforms
Nong Li, San Francisco, CA (US); and Itay Alfred Neeman, Seattle, WA (US)
Assigned to Databricks, Inc., San Francisco, CA (US)
Filed by Databricks, Inc., San Francisco, CA (US)
Filed on Jan. 19, 2024, as Appl. No. 18/417,396.
Prior Publication US 2025/0238545 A1, Jul. 24, 2025
Int. Cl. G06F 21/62 (2013.01)
CPC G06F 21/6245 (2013.01)
20 Claims
 
1. A method comprising:
storing data tags representing attributes of datasets stored in a plurality of data platforms;
receiving an original access control policy specification describing an access control policy for accessing sets of datasets by sets of users, wherein a set of datasets is defined based on a condition based on the data tags representing attributes of the datasets;
compiling the original access control policy specification to generate a platform independent access control representation comprising a first set of tuples, each tuple identifying a particular set of users, a particular set of datasets, and a particular action;
for each data platform of the plurality of data platforms, generating data platform specific instructions corresponding to each tuple of the first set of tuples for granting access to users of the particular set of users with respect to the particular action for each dataset of the particular set of datasets corresponding to the tuple;
receiving a modified access control policy specification obtained by modifying the original access control policy specification;
compiling the modified access control policy specification to generate a second set of tuples;
determining a hash value for each of the first and second set of tuples; and
identifying one or more tuples that changed in the second set of tuples compared to the first set of tuples by comparing a hash value of a tuple from the first set of tuples and a hash value of a corresponding tuple from the second set of tuples and
regenerating instructions for the one or more tuples.
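
The flow recited in claim 1, as an added Python sketch that is not code from the patent or from Databricks: tag-based rules are compiled into (users, datasets, action) tuples, each tuple is hashed, and instructions are regenerated only for tuples whose hash changed. The rule ids used to pair "corresponding" tuples, the sample data, the statement templates and the "stale" list of grants the new tuple no longer justifies are all assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample data: dataset -> (platform, tags); group -> users.
DATASETS = {"sales.orders": ("warehouse_a", {"pii", "finance"}),
            "sales.refunds": ("warehouse_a", {"finance"}),
            "hr.salaries": ("warehouse_b", {"pii", "hr"})}
GROUPS = {"analysts": {"ana", "bo"}, "hr_team": {"cy"}}
# Hypothetical per-platform statement templates (not any vendor's exact dialect).
TEMPLATES = {"warehouse_a": "GRANT {action} ON TABLE {dataset} TO USER {user}",
             "warehouse_b": "GRANT {action} ON {dataset} TO '{user}'"}

def compile_policy(spec):
    """Resolve each rule into a platform-independent tuple keyed by rule id."""
    out = {}
    for rule in spec:
        users = sorted(GROUPS[rule["group"]])
        datasets = sorted(d for d, (_, tags) in DATASETS.items()
                          if set(rule["require_tags"]) <= tags)
        out[rule["id"]] = (users, datasets, rule["action"])
    return out

def tuple_hash(t):
    """Stable digest over a canonical JSON encoding of the tuple."""
    return hashlib.sha256(json.dumps(t).encode()).hexdigest()

def changed_rules(old, new):
    """Rule ids whose tuple hash differs, including added and removed rules."""
    oh = {i: tuple_hash(t) for i, t in old.items()}
    nh = {i: tuple_hash(t) for i, t in new.items()}
    return sorted(i for i in oh.keys() | nh.keys() if oh.get(i) != nh.get(i))

def instructions(t):
    """One grant per (dataset, user), in the syntax of the dataset's platform."""
    users, datasets, action = t
    return [TEMPLATES[DATASETS[d][0]].format(action=action, dataset=d, user=u)
            for d in datasets for u in users]

def resync(old_spec, new_spec):
    """Regenerate instructions for changed tuples only; list grants left stale."""
    old, new = compile_policy(old_spec), compile_policy(new_spec)
    result = {}
    for i in changed_rules(old, new):
        apply = instructions(new[i]) if i in new else []
        before = instructions(old[i]) if i in old else []
        result[i] = {"apply": apply, "stale": [s for s in before if s not in apply]}
    return result

# Constructed policy specifications: the modification narrows rule r1 to PII-tagged finance data.
ORIGINAL = [{"id": "r1", "group": "analysts", "require_tags": ["finance"], "action": "SELECT"},
            {"id": "r2", "group": "hr_team", "require_tags": ["hr"], "action": "SELECT"}]
MODIFIED = [dict(ORIGINAL[0], require_tags=["finance", "pii"]), ORIGINAL[1]]
```

Narrowing r1 leaves the earlier grants on sales.refunds in place on the platform unless they are removed, which is why the sketch reports them separately from the regenerated instructions.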