Patent attributes
Some embodiments provide a method for gaining insight into applicability of policies that authorize access to at least one service through application programming interface (API) calls by a plurality of users. The method receives at least one authorization policy that defines access to the service by the users, where the service includes multiple resources. The method identifies combinations of users and resources referenced by the policy, and for each identified combination of user and resource, executes the policy in order to define access to the identified resource by the identified user. The method receives a query regarding access to a particular resource from a particular set of one or more users, and uses the executed policy to provide a response to the query that describes access to the particular resource for the particular user set.
