Patent attributes
Some embodiments provide a method for gaining insight into applicability of policies that authorize access to at least one service through application programming interface (API) calls by multiple users. The method receives at least one authorization policy that defines access to the service by the users, where the service includes multiple resources. Based on an analysis of the received policy, the method identifies a set of two or more access rules, each access rule associating at least one user to at least one resource. The method receives a query regarding access to a particular resource from a particular set of one or more users, and uses the identified access rules to provide a response to the query that describes access to the particular resource for the particular user set.
