US 12,476,972 B2
Managing access requests for policy-based access control systems in computer networks
Leigh Griffin, Waterford (IE); and Pierre-Yves Chibon, Paris (FR)
Assigned to Red Hat, Inc., Raleigh, NC (US)
Filed by RED HAT, INC., Raleigh, NC (US)
Filed on Apr. 28, 2022, as Appl. No. 17/731,592.
Prior Publication US 2023/0353572 A1, Nov. 2, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 9/06 (2006.01)
CPC H04L 63/101 (2013.01) [H04L 9/0643 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01)] 21 Claims
 
1. A non-transitory computer-readable medium comprising program code that is executable by a processor for causing the processor to:
receive a first access request from a client device of a user for accessing a particular resource in a computer network;
receive, from a role-based access control (RBAC) system of the computer network, a first response approving or denying the first access request based on an access control policy selected by the RBAC from among a plurality of access control policies, wherein the access control policy is selected by the RBAC from among the plurality of access control policies based on multiple factors including the user, the particular resource to be accessed, and a particular action to be performed with respect to the particular resource;
store a data entry indicating the first response to the first access request;
in an operation distinct from storing the data entry, set a flag to a first value, wherein the flag comprises a binary value and is distinct from the data entry and the first response;
subsequent to setting the flag to the first value:
receive a second access request from the client device for accessing the particular resource;
based on receiving the second access request, determine whether the flag is set to the first value; and
based on determining that the flag is set to the first value:
extract the first response from the data entry; and
use the extracted first response as a second response for the second access request, the second response being generated without using the access control policy; and
dynamically switch the flag between the first value and a second value over time based on changing operating conditions in the computer network, wherein when the flag is set to the first value, access requests from the client device for the particular resource are handled using the stored first response in the data entry rather than the access control policy, and wherein when the flag is set to the second value, access requests from the client device for the particular resource are handled using the access control policy rather than the stored first response in the data entry.
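The claim above describes an access-request manager sitting in front of an RBAC system: the RBAC decision for a (user, resource, action) is stored as a data entry, a separate binary flag decides whether later requests are answered from that stored entry or re-evaluated against policy, and the flag is switched over time according to operating conditions. The following is an added illustration of that mechanism in Python; it is not code from the patent or from Red Hat, and every class, function and sample policy in it (RbacSystem, AccessRequestManager, the load threshold, the user "alice" and the resource path) is an assumption made up for the example. It also shows the failure mode a practitioner cares about: while the flag selects the stored response, a policy change such as a revoked role is not seen until the flag is switched back.

```python
from typing import Callable, Dict, List, Tuple

Key = Tuple[str, str, str]        # (user, resource, action), the three selection factors in the claim
FlagKey = Tuple[str, str]         # the flag is kept per (client/user, resource)


class RbacSystem:
    """Stand-in for the claim's RBAC system (assumed, not the patent's implementation).

    Policies are keyed by (user, resource, action); each maps to an approve/deny decision.
    The counter records how often the policy was actually consulted.
    """

    def __init__(self, policies: Dict[Key, bool]):
        self.policies = policies
        self.evaluations = 0

    def decide(self, user: str, resource: str, action: str) -> bool:
        self.evaluations += 1
        # Deny by default when no policy matches the selection factors.
        return self.policies.get((user, resource, action), False)


class AccessRequestManager:
    """Front end that stores RBAC responses and answers from them while the flag is set."""

    def __init__(self, rbac: RbacSystem, load_threshold: float = 0.8):
        self.rbac = rbac
        self.entries: Dict[Key, bool] = {}      # stored data entries (first responses)
        self.flags: Dict[FlagKey, bool] = {}    # binary flag, distinct from the entries
        self.load_threshold = load_threshold    # assumed "operating condition" used to switch the flag

    def set_flag(self, user: str, resource: str, value: bool) -> None:
        # Setting the flag is a separate operation from storing a data entry.
        self.flags[(user, resource)] = value

    def switch_flag_for_load(self, user: str, resource: str, rbac_load: float) -> bool:
        # Example of dynamic switching: use stored responses only while the RBAC system is overloaded.
        value = rbac_load >= self.load_threshold
        self.set_flag(user, resource, value)
        return value

    def handle(self, user: str, resource: str, action: str) -> Tuple[bool, str]:
        """Return (decision, source) where source is 'stored' or 'policy'."""
        key = (user, resource, action)
        if self.flags.get((user, resource), False) and key in self.entries:
            # Flag at first value: reuse the stored first response, policy is not consulted.
            return self.entries[key], "stored"
        # Flag at second value (or nothing stored yet): ask the RBAC system and store the response.
        decision = self.rbac.decide(user, resource, action)
        self.entries[key] = decision
        return decision, "policy"


def run_scenario() -> Tuple[List[Tuple[bool, str]], int]:
    """Constructed walk-through returning the decision trace and the number of policy evaluations."""
    key: Key = ("alice", "/repo/secrets", "read")      # constructed sample user and resource
    rbac = RbacSystem({key: True})                      # policy currently approves
    mgr = AccessRequestManager(rbac)
    trace: List[Tuple[bool, str]] = []

    trace.append(mgr.handle(*key))                      # first request: policy consulted, approved, stored
    mgr.switch_flag_for_load("alice", "/repo/secrets", rbac_load=0.95)   # overload: flag -> first value
    rbac.policies[key] = False                          # alice's role is revoked, policy now denies
    trace.append(mgr.handle(*key))                      # second request: stale stored approval is reused
    mgr.switch_flag_for_load("alice", "/repo/secrets", rbac_load=0.10)   # load drops: flag -> second value
    trace.append(mgr.handle(*key))                      # third request: policy consulted, denied
    return trace, rbac.evaluations


if __name__ == "__main__":
    for decision, source in run_scenario()[0]:
        print(f"{'approve' if decision else 'deny':7s} via {source}")
```

The second request in the trace is the point to watch when deploying anything like this: a stored approval keeps granting access for as long as the flag stays at the first value, so the conditions that switch the flag back (or that invalidate the stored entries) bound how long a revocation can go unenforced.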