US Patent 7366812 Determination of access rights to information technology resources

A method, system, and firewall for controlling access to resources within an information technology (IT) system. Commands received from a requesting entity request access to a resource associated with each command. An assigned authority level of the requesting entity is identified. At least one required authority level of the requesting entity is determined for each command as a function of each command and a resource criticality classification of the resource associated with each command. The requesting entity is granted or denied the requested access to the resource associated with each command if a determination has been made that each condition of at least one specified condition has or has not been satisfied, respectively. The at least one specified condition is specific to each command and includes a condition of the assigned authority level matching or exceeding an authority level of the at least one required authority level of each command.