Patent attributes
Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, storing the permission and identity information in a data file, determining for the application and a file of the set of files, privileges available to the application for the available authority based on the stored data file, determining a set of privileges needed by the application to access the file based on the stored data file, selecting privileges for a user of the application based on set of privileges needed by the application and the authority available to the application, and assigning the privileges for the user based on the selected privileges.