Automating post-hoc access control checks and compliance audits

摘要

Methods, systems, and computer-readable storage media for post-hoc analysis of access control decisions, where actions include receiving a request to analyze an access control request, for which an access control decision has been provided based on a policy, retrieving information associated with the access control request from a log, the information including a first security state version and a time, determining a time interval based on the time and an audit policy, retrieving information associated with at least a second security state version based on the time interval, and evaluating the access control request based on information of the first security state and information of the second security state to provide a post-hoc access control decision.